The  Unix  challenge 


Big  Unix  vendors  this  year  will  add  security  ,  virtualiza¬ 
tion  and  broader  management  tools  to  the  operating 
system  in  an  effort  to  stem  the  Linux  onslaught.  PAGE  20. 
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ROADMAP 


Network  World's  2007  IT  Roadmap  Conference  &  Expo 

kicks  off  March  6  in  Boston.  For  a  look  at  the 
other  4  stops  on  this  U.S.  roadshow,  go  to 

www.nwdoc1inder.com/6844 
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Clear  Choice  Test: 

Low-cost  network 
management  tools 


Looking  for  an  effective 
network 
manage¬ 
ment  tool  that 
starts  at  less 
than  $1,500? 

We  tested 
seven  of  them, 
and  ipMonitor 
came  away 
with  a  Clear 
Choice  award  for  its 
accuracy,  ease  of  use  and  security. 
Page  30. 


NETWHKWORLD  Ptw-k  out  our 

EKXBBB  LAN/WAN 


Management  Buyer's  Guide. 
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Root  servers  fared  just  fine; 
experts  fret  about  your  net 


BY  CAROLYN  DUFFY  MARSAN 

There’s  good  news  and  bad  news  for  cor¬ 
porate  network  managers  about  the  latest 
Internet  root  server  attack. 

The  good  news  is  the  Internet  demon¬ 
strated  once  again  that  it  is  the  most 
resilient  network  infrastructure  ever  built. 
Companies  shouldn’t  be  afraid  to  put  mis¬ 
sion-critical  applications  slich  as  voice 
and  streaming  video  on  the  ’Net  because 
of  these  attacks,  security  experts  say 

The  bad  news  is  that  the  Internet  contin¬ 
ues  to  be  a  target  for  vandals  and  crimi¬ 
nals,  particularly  those  looking  to  make 
money  through  extortion,  fraud  or  theft. 
Experts  say  that  most  corporate  Web  sites 
and  IP  networks  couldn’t  withstand  the 
ferocity  of  the  latest  attacks. 

“These  attacks  weren’t  that  substantial,” 
for  the  highly  distributed  root  server  infra¬ 


structure,  says  Danny  McPherson,  chief 
research  officer  for  Arbor  Networks,  which 
provides  detection  services  for  these  types 
of  attacks.  “They’ve  gotten  a  lot  of  atten¬ 
tion,  but  they’re  not  as  significant  as  the 
attacks  we  see  every  day  against  our  cus¬ 
tomers,  which  are  much  more  targeted 
and  more  damaging.” 

Steve  Bellovin,  an  Internet  security 
expert  and  professor  of  computer  science 
at  Columbia  University,  agrees. 

“I’d  be  more  worried  about  somebody 
trying  to  target  my  corporation  than  some¬ 
body  trying  to  target  the  infrastructure 
because  no  one  corporation  has  the  kind 
of  replication  and  bandwidth  that  the  infra¬ 
structure  has  at  this  point,”  Bellovin  says. 

On  Tuesday,  an  attack  was  launched 
against  three  of  the  Internet’s  13  root 
See  Attack,  page  12 


Counterattack: 
Bomb  ’em  one 
way  or  the  other 

BY  ELLEN  MESSMER 

SAN  FRANCISCO  —  If  the  United  States 
found  itself  under  a  major  cyberattack 
aimed  at  undermining  the  nations  critical 
information  infrastructure,  the  Department 
of  Defense,  based  on  the  authority  of  the 
president,  is  prepared  to  launch  a  cyber 
counterattack  or  an  actual  bombing  of  an 
attack  source. 

The  primary  group  responsible  for  analyz¬ 
ing  the  need  for  any  cyber  counterstrike  is 
the  National  Cyber  Response  Coordination 
Group  (NCRCG).The  three  co-chairs  of  the 

See  Counterstrike,  page  12 


RSACQNFERENCE2007 

Security  picture  lacking  focus 


BY  TIM  GREENE 
AND  ELLEN  MESSMER 

SAN  FRANCISCO  —  IT  execu¬ 
tives  who  flocked  to  the  RSA 
Conference  ’07  last  week  heard 


vendors  pledge  to  help  protect 
information  no  matter  how  it  is 
accessed,  but  evidence  of  the 
technology  needed  to  accom¬ 
plish  this  was  hard  to  find  on  the 


exhibit  floor. 

Microsoft  Chairman  Bill  Gates 
described  the  need  for  “trustwor¬ 
thy  computing,” a  set  of  coordinat¬ 
ed  technologies  embracing  infra¬ 
structure  and  applications.  Sepa¬ 
rately  RSA  President  Art  Coviello 
spoke  of  a  future  that  includes 
security  as  a  coordinated  part  of 
the  network  fabric,  not  an  add-on 
supplied  by  one  or  a  series  of  indi¬ 
vidual  devices.’The  value  of  secu¬ 
rity  as  a  stand-alone  solution  is 
diminishing,”  he  said. 

Yet  vendors  promoted  prod¬ 
ucts  —  network  access  control 
devices,  intrusion-prevention 
See  RSA,  page  10 
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Secure  Networks 


CISCO  SHAKEUP 


Cisco’s  Chief  Development 
Officer  Charles  Giancarlo 

is  heir-apparent  to  CEO  John 
Chambers  after  Mike 
Volpi,  the  head  of  Ciscos  (  jjiA ,  . 

Routing  and  Service 
Provider  group,  left  the  ' 
company  last  week.  ,/T'  /  dpike  Vo§p 
Giancarlo  spent  last  week 
talking  up  the  company’s  R&D 
efforts.  See  stories  page 

Separately  the  company  rolled1 
out  a  slew  of  security  updates.  " 
See  page  17. 
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Your  potential.  Our  passion. 


Microsoft 


Microsoft  System  Center  is  a  family  of 
IT  management  solutions  (including  Operations 
Manager  and  Systems  Management  Server) 
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Network  Nirvana 

Connectivity,  Convergence 
and  Compliance — all  Secure 


Enterasys  security-enabled  network  infrastructure  products  give  you  granular 
visibility  and  control  over  who’s  using  your  network  and  your  voice,  video  and 
data  communications — wired  and  wireless;  switching  and  routing;  LAN  and  WAN. 

Our  advanced  security  applications  produce  compliance  reports  and  proactively 
prevent  threats  against  your  IT  assets  with  our  intrusion  prevention  and  network 
access  control  solutions. 

Let  us  show  you  how  we  can  automatically  protect  you  and  your  information 
without  sacrificing  performance. 


Leading  companies  in  more 
than  70  countries  ensure 
the  integrity  and  performance 
of  their  IT  services  with 
Enterasys  Secure  Networks ™ 


N 


We  Secure  Any  Network 

Set  up  a  time  to  see  how  our  unique  approach  can  secure  any 
network  from  any  vendor  while  leveraging  your  existing  investments. 
Call  +1  877-801-7082  or  visit  enterasys.com/securenetworks. 
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Newsbits 


Network  Infrastructure 

17  Cisco  vows  to  strengthen  security  line. 

18  Investors  flock  to  consumer  network  firms. 

28  Opinion:  On  Technology:  Study  provides  insight  into  hacks. 

44  Cisco  exec  Giancarlo  surveys  the  company's  R&D  outlook. 

44  Key  executive  Volpi  bolts  Cisco. 

Enterprise  Computing 

8  Microsoft  readies  Windows  Mobile  6. 

20  SPECIAL  FOCUS:  In  face  of  Linux,  Unix  vendors  get  creative. 

46  Opinion:  BackSpin:  The  how,  why  and  where  of  future  IT. 

COOLTOOLS 

Imation's  Pivot  Flash  Drive 
includes  as  much  as  4GB  of 
storage  space  and  has  pass¬ 
word  protection.  Page  26. 

Application  Services 

8  AJAX  faces  development  challenges. 

10  Johna  Till  Johnson:  Technology  and  the  power  of  pain, 

17  A  growing  divide  in  healthcare  IT. 

18  Scott  Bradner:  Passwords  and  the  limitations  of  people. 

46  Opinion:  'Net  Buzz:  Did  Gates  fib  about  H1-B  hires  getting  S100KP 

Tech  Update 

22  A  lesson  in  30A  model-based  management. 

22  Ask  Dr.  Internet. 

26  Mark  Gibbs:  AppLogic:  Enterprise  infrastructure, 

26  Keith  Shaw:  Cool  tools,  gizmos  and  other  neat  stuff. 


Management  and  Careers 

37  The  best  and  worst  of  working  in  IT:  Network  execs  detail  what  they 
love  —  and  hate  —  about  their  jobs. 


6  Networkworld.com:  Catch  up  on  the  latest  online  forums,  blogs, 
newsletters,  videos  and  help-desk  queries. 
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Low-cost  network 

management  tools  [  CLEAR  CHOICE  IOI 

Looking  for  an  effective  km—mmmmnnnim^^J 
network  management  tool  that  starts  at  less  than 
$1,500?  We  tested  seven  of  them,  and  ipMonitor  came 
away  with  a  Clear  Choice  award  for  its  accuracy,  ease 
of  use  and  security.  Page  30. 


Cisco  buys  into  social  networking 

■  Cisco  last  week  announced  plans  to  acquire  Five 
Across,  a  social-networking  software  company 
for  an  undisclosed  amount.  The  router  pio¬ 
neer  doesn’t  plan  to  set  up  its  own  social¬ 
networking  site  to  compete  against 
MySpace  or  Facebook.  Instead,  Cisco  will 
use  Five  Across  technology  to  create  soft¬ 
ware  that  will  help  enterprises  better  connect 
with  their  customers.  In  addition,  service 
providers  may  be  able  to  build  services  with  the 
technology  and  sell  them  to  their  business  customers, 
Cisco  said.  Five  Across  sells  a  software  platform  called 
Connect  Community  Builder.  It  includes  a  variety  of 
features  that  enterprises  can  build  into  their  Web  pres¬ 
ence  for  customers,  such  as  individual  profile  pages, 
friend  lists,  discussions,  and  posting  of  blogs,  videos 
and  podcasts. 


Microsoft  security 
patches  on  tap 

■  Microsoft  plans  to  release  13 
sets  of  security  patches  this  week 
to  fix  critical  vulnerabilities  in  a 
number  of  products  —  including 
its  new  security  software.  Five  of 
the  updates  will  be  for  Windows 
and  two  will  be  for  Office.  There 
also  will  be  patches  for  critical 
flaws  in  Microsoft’s  Windows  Live 
OneCare,  Antigen,  Windows  De¬ 
fender  and  ForeFront  security  soft¬ 
ware.  The  Office  patches  have 
been  expected,  as  online  crimi¬ 
nals  have  been  exploiting  vulner¬ 
abilities  in  Word  and  Excel  for  sev¬ 
eral  months. 

Metcalfe  makes 
Inventors  Hall  of  Fame 

■  Ethernet  is  right  up  there  with 
the  LP  record,  air  bags  and  soft 
contact  lenses.  So  says  the 
National  Inventors  Hall  of  Fame, 
which  included  Bob  Metcalfe, 
inventor  of  the  ubiquitous  LAN 
technology  in  its  latest  round  of 
inductees.  Metcalfe,  along  with 
David  Boggs,  created  Ethernet 
technology  as  researchers  at 


Xerox  PARC  in 
1973.  Metcalfe 
took  his  inven¬ 
tion  to  the  mar¬ 
ket  in  1979,  when  he  founded  net¬ 
work  company  3Com. 

CEOs  don't  expect 
much  from  IT  execs 

■  The  good  news  for  CIOs  is  that 
CEOs  believe  IT  performs  as 
expected.  The  bad  news?  CEOs 
say  they  have  low  expectations  of 
their  IT  shops,  particularly  when  it 
comes  to  business  innovation.  A 
Forrester  Research  report  set  to 
be  published  later  this  month 
includes  survey  data  from  more 
than  70  CEOs  who  were  asked 
how  they  regarded  their  compa¬ 
nies’  CIOs  and  IT  organizations. 
The  findings  show  that  while 
CEOs  didn’t  complain  about  IT 
performance,  there  is  a  lot  of 
room  for  improvement  in  the 
CEO-CIO  dynamic.  When  the 
CEOs  were  asked  about  IT’s  role 
in  business  innovation,  28%  said 
IT  offered  proactive  leadership, 
while  34%  characterized  the  IT 
group’s  contribution  as  “poor  or 
mediocre.”  Just  one-third  of  the 


TheGoodTheBadTheUgly 

<  Apple  and  Apple  come  together. 

Apple,  the  computer  and  digital  music  company,  has  bought 
rights  to  all  Apple  trademarks  from  Apple  Corps.  Ltd.,  the 
record  company  set  up  by  The  Beatles,  ending  a  long-running 
trademark  dispute.  No  word  on  whether  Apple  will  begin  sell¬ 
ing  The  Beatles'  music  through  its  ITunes  Store. 

Nortel  CFO  exits.  For  a  company  seeking  to  regain 
financial  stability,  it  can't  be  a  good  sign  that  Nortel  CFO  Peter  Currie 
announced  his  resignation  last  week.  Analyst  Ittai  Kidron  of  CIBC  World 
Markets  wrote:  "This  may  be  a  signal  that  the  patience  of  the  team  is 
wearing  thin  on  a  slow  turnaround." 

Don't  get  the  bloggers  mad.  Google's  Blogger  ser¬ 
vice  has  been  generating  a  steady  stream  of  complaints  from  users  this 
year,  including  hours-long  outages,  feature  malfunctions  and  data  loss.  The 
problems  are  particularly  frustrating  to  users  who  migrated  to  the  service's 
new  version.  Google  says  most  bugs  are  isolated  incidents  and  that  Blogger's 
stability  will  improve  as  migration  to  the  new  platform  progresses. 


CEOs  polled  “depicted  IT  as 
demonstrating  proactive  leader¬ 
ship  for  process  improvement.” 

App  performance 
disappoints 

■  Large  organizations  are  wast¬ 
ing  time  and  effort  correcting 
performance  problems  with 
enterprise  applications  because 
they’re  not  doing  the  necessary 
upfront  work,  according  to  a 
report  by  INS.  The  consulting 
firm’s  survey  of  75  IT  profession¬ 
als  found  that  more  than  one- 
third  of  new  or  upgraded  enter¬ 
prise  applications  fail  to  meet 
initial  performance  expecta¬ 
tions.  Enterprises  could  avoid 
such  problems  by  completing  an 
impact  assessment  to  determine 
—  before  deployment  —  the 
sensitivity  of  an  application  to 
underlying  network  and  system 
conditions,  according  to  the 
report.  Yet  only  25%  of  survey 
respondents  always  complete 
these  assessments. 


■  CONTACT  US  Network  World,  118Turnpike  Road,  Southborough,  MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438;  E-mail:  nwnews@nww.com; 
STAFF:  See  the  masthead  on  page  10  for  more  contact  information.  REPRINTS:  (717)  399-1900 

■  SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444;  Fax:  (508)  490-6400;  E-mail:  nwcirc@nww.  com;  URL:  www.subscribenw.com 


PEER8AY 

From  our  online  forums 


m  Hope  for  the  clueless. 

Users  discuss  how  to  make 
better  security  decisions.  One 
writes:  "In  a  quarter  century 
in  the  IT  business,  it's  pretty 
clear  that  it  isn’t  just  security 
decisions  that  are  poorly 
made.  But  what  can  a  well- 
meaning  but  clueless  man¬ 
ager  do?  One  thing  they  might 
do  is  ask  their  staff.  Often, 
clueless  managers  manage 
competent  staff.  A  clueless 
manager  who  asks  the  opin¬ 
ions  of  their  staff  is  generally 
better  than  a  competent  man¬ 
ager  who  doesn't." 
www.nwdocfinder.com/7330 

■  Google  and  free  speech. 

One  NetworkWorld.com  visitor 
reads  our  story  about  a  Google 
executive  discussing  the  role 
of  the  Internet  in  fostering  free 
speech  and  calls  foul:  "What 
can  be  more  hypocritical  than 
this?  Google,  which  censors  its 
own  searches  in  China,  lectur¬ 
ing  on  free  access  to  infor¬ 
mation?” 

www.nwdocfinder.com/7331 

■  How  to  get  him  to  switch 
from  Windows  to  Linux.  A 

user  writes:  “I  will  switch  in  a 
heartbeat  if  the  current 
Windows  applications  run  the 
same  on  the  Linux  Desktop 
system  rather  than  going  to 
Vista  and  paying  the  extra 
cost,  both  in  dollars  and 
bloated  system  require¬ 
ments." 

www.nwdocfinder.com/7332 

a  Cisco,  meet  Wal-Mart. 

Brad  Reese  thinks  if  Cisco 
wants  to  expand  its  telepres¬ 
ence  effort,  it  should  team  up 
with  the  giant  retailer:  “Wal- 
Mart  alone  having  Cisco 
TelePresence  would  create 
immense  demand  by  its  suppli¬ 
ers  jockeying  for  more  sales  to 
Wal-Mart  to  adopt  Cisco 
TelePresence.  In  fact,  the  cost 
savings  of  a  Wal-Mart  Supplier 
no  longer  required  to  maintain 
huge  staffs  in  Bentonville, 

I  Ark.,  could  be  the  reason 
j  alone  for  buying  Cisco  Tele¬ 
presence.” 

www.nwdocfmder.com/7333 

n  File  sharing  on  a  small 
network.  Users  trade  tips. 

!  www.nwdocfinder.com/7334 
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BLOGOSPHERE 

What  the  Dell? 

Plus:  Gates  loses  sense  of  humor  and  YouTube  builds  a  revolution 


What  the  Dell?  Michael  Dell  returned  to  the 
CEO  spot  at  his  namesake  company  but  how 
quickly  can  he  turn  things  around  at  Dell?  That’s 
the  question  Linda  Musthaler  poses  in  her  Tech 
Exec  blog.  While  she’s  rooting  for  Dell, she  notes 
its  competitors  have  made  tremendous  gains 
against  it  in  recent  years.  She  writes:  “I’ll  praise 
Dell’s  low-cost  direct  model  for  the  1980s  and 
1990s  when  the  computer  industry  needed  a  lit¬ 
tle  humbling.  It’s  his  turn  to  take  a  few  lessons 
from  the  competitors  and  learn  how  to  offer 
something  more  than  a  low-cost  product 
ordered  over  the  Internet.”  www.nwdocfind 
er.com/7345 

Come  on,  Bill!  Bill  Gates  sees  no  humor  in  the 
“Mac  vs.  PC”  commercials  that  have  been  such  a 
hit  for  Apple;  he  made  that  abundantly  clear  in  a 
recent  Newsweek  interview.  In  Buzzblog,  on  the 
other  hand,  Paul  McNamara  says  he  has  come 
around  on  the  subject  and  wishes  to  amend  his 


earlier  disapproval  of  the  ads  —  or  at  least  be  on 
record  as  appreciating  the  humor,  unlike  a  cer¬ 
tain  billionaire,  www.nwdocfinder.com/7346 

YouTube  killed  the  TV  star.  Just  how  much 
has  YouTube  changed  the  world  in  its  short  life? 
For  the  TV  crowd,  quite  a  bit,  Layer  8  says.  A 
recent  poll  found  that  14%  of  online  U.S.  adults 
visit  the  site  frequently  and  41%  of  18-  to  24-year- 
old  males  say  they  visit  YouTube  frequently  The 
kicker  is  that  one  in  three  respondents  say 
they’re  watching  less  television  because  of 
YouTube  www.nwdocfinder.com/7347 

When  the  printer  doesn’t  work.  One  of  the 

great  things  about  YouTube  is  that  you  don’t  have 
to  be  on  the  site  to  view  the  videos.  Adam  Gaffin 
embeds  a  YouTube  video  in  his  Compendium 
blog  that  shows  a  guy  approaching  a  printer  prob¬ 
lem  in  a  novel  way  www.nwdocfinder.com 
/7348 


Hot  Seat  interviews,  the  coolest  tools  and  more 


Hot  Seat: 

Turbo¬ 
charge 
your 

database. 

Avokia  CEO  Alan 
McMillan  explains  how  his 
company  can  virtualize 
databases  that  are  thou¬ 
sands  of  miles  from  each 
other. 

www.nwdocfmder.com/7327 


Cool  Tools: 

Mapping 
the  globe. 

Ever  won¬ 
der  how 
mapping  services  and 
GPS  devices  get  their  map 
data?  Keith  Shaw  finds  out 
from  Tele  Atlas  during  a 
Las  Vegas  ride-around  in 
the  company’s  mobile 
mapping  van. 
www.nwdocfinder.com/7328 


Twisted  Pair: 

Why  don’t  I 
have 
20/20 
vision  for 
playing  Pac-Man?  Keith  and 
Jason  Meserve  discuss 
issuing  tickets  for  listening 
to  an  iPod  while  crossing 
the  street,  and  whether 
playing  video  games 
improves  your  vision. 
www.nwdocfinder.com/7329 


ASK  THE 

HELPDESK  Find  the  answers  to  these  prickly  problems  online. 

This  week:  Setting  up  a  NAS  system. 


Ron  Nutter  helps  a  user  figure  out  the  best  way 
to  set  up  a  network-attached  storage  system. 

Help  Desk  response: 
www.nwdocfinder.com/7335 

Tom  Bowers  looks  at  how  to  get  started  with 
content  monitoring  as  a  way  to  plug  internal 
information  leaks..  Help  Desk  response: 
www.nwdocfinder.com/7336 


Robin  Gareiss  examines  the  continued  growth 
of  branch  networks. 

Help  Desk  response: 
www.nwdocfinder.com/7337 

M.E.  Kabay  discusses  e-mail  retention  policies. 

Help  Desk  response: 
www.nwdocfinder.com/7338 


BEST  OF  MW’S 

ETTERS 

Using  fault 
tolerance 
in  virtual 
environments 

Plus:  Storage  vendors 
go  green;  Handling 
hidden  Wi-Fi  nodes 

Servers:  Senior  Editor 
Jennifer  Mears  reports  that 
some  customers  are  using 
fault-tolerant  servers  to  harden 
virtual  environments. 
www.nwdocfinder.com/7339 

Unified  communications: 

Messaging  Architects  acquires 
NetMail  and  takes  over  the 
Hula  project.  Analyst  Michael 
Osterman  reports. 

www.nwdocfinder.com/7340 

Storage  in  the  enterprise: 

Senior  Editor  Deni  Connor 
reports  that  the  data  center  is 
going  green  and  storage  ven¬ 
dors  are  squeezing  it  for  all  it’s 
worth. 

www.nwdocfinder.com/7341 

ISP  news  report:  The  con¬ 
vergence  of  wireline,  cable 
and  mobile  networks  is  getting 
closer  to  reality.  And  the  tech¬ 
nology  that’s  expected  to  make 
it  all  happen  —  known  as  IP 
Multimedia  Subsystem  —  is 
maturing  quickly.  Senior  Editor 
Carolyn  Duffy  Marsan 
explains. 

www.nwdocfinder.com/7342 

Wireless  in  the  enterprise: 

If  your  Wi-Fi  performance  is 
degrading,  one  contributor 
could  be  multiple  client 
devices  that  are  all  within 
range  of  a  common  access 
point,  but  too  far  away  from 
each  other  to  detect  the  oth¬ 
ers’  presence.  Editor  Joanie 
Wexler  explains. 
www.nwdocfinder.com/7343 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40 
newsletters  on  key  network  topics. 

www.nwdocfinder.com/1 002 


.INFRASTRUCTURE  LOG 


_DAY  33:  Our  information  is  siloed.  Unmanageable . 
People  can’t  access  the  latest  info  to  make  decisions. 
Gil’s  resorted  to  giving  everyone  access  to  everything 
all  at  once. 

-Monitors  now  outnumber  humans  18  to  1. 

-DAY  36:  It’s  clear  to  me.  We  need  an  IBM  Information 
On  Demand  middleware  solution.  Info  will  be  liberated 
from  the  silos — available  when  we  need  it,  whatever 
the  format.  Accurate  and  in  context.  Now  we  can  make 
smarter  decisions  and  deliver  real  business  value. 


-Access  is  a  beautiful  thing. 


Information  Management 


See  innovative  IBM  Info  Management  solutions  in  action: 

IBM.COM/TAKEBACKCONTROL/INFO 
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Microsoft  readies  Windows  Mobile  6 


BY  JOHN  COX 

Next  week’s  3GSM  World  Cong¬ 
ress,  the  annual  love  test  for  the 
global  cellular  industrywill  be  the 
venue  for  an  array  of  new  prod¬ 
ucts  designed  to  give  enterprises 
more  capabilities,  control  and 
security  over  mobile  computing. 

Microsoft  is  unveiling  at  the 
event  in  Barcelona,  Spain,  the  lat¬ 
est  iteration  of  its  Windows  Mobile 
operating  system.  Separately, 
Nokia  will  showcase  the  first  fruits 
of  its  acquisition  of  mobile  mid¬ 
dleware  vendor  Intellisync,  with  a 
new  release  of  that  company’s 
Mobile  Suite  software. 

Sponsored  by  the  GSM  Assoc¬ 
iation,  the  conference  is  expect¬ 
ed  to  draw  about  60,000  people, 
up  from  50,000  last  year.  Exhibits 


by  about  1,300  vendors  will 
include  carriers  and  mobile 
operators,  their  equipment  and 
software,  handset  manufacturers 
and  a  growing  crowd  of  content 
providers. 

Windows  Mobile  6 

Analysts  say  Windows  Mobile  6 
is  an  evolutionary  advance  over 
Version  5.  The  emphasis,  they  say, 
has  been  on  exploiting  for  hand¬ 
helds  features  found  in  Microsoft 
Exchange  Server  2007, simplifying 
the  experience  of  working  with 
the  user  interface  and  adding 
more  controls  for  enterprise  net¬ 
work  administrators. 

Among  the  new  features: 

•  Information  rights  manage¬ 


ment:  To  protect  sensitive  data, 
users  and  administrators  now  can 
restrict  who  sees,  edits,  stores  and 
forwards  e-mail  and  attachments. 

•  Encryption  of  client-based 
storage  cards,  support  for  Ex¬ 
change  Server  security  and  certifi¬ 
cate  policies  and  options. 

•  New  mobile  versions  of  .Net 
Compact  Framework  and  SQL 
Server,  for  integration  with  existing 
enterprise  applications. 

•  One-click  connection  over 
Bluetooth  or  cable  to  use  a  smart 
phone  as  a  modem  for  a  hand¬ 
held. 

•  Support  for  HTML  e-mail:  URLs 
and  phone  numbers  included  in 
e-mails  now  appear  as  live  links. 

•  Searching  the  corporate  Mi¬ 


crosoft  Exchange  Server  from  the 
handheld  for  past  e-mails. 

•  All  Microsoft  Office  Mobile  ap¬ 
plications — Word, Excel  and  Pow¬ 
erPoint  —  are  now  on  all  variants 
of  Windows  Mobile  6  devices; 
users  have  full  editing  capabilities 
for  all  three  applications. 

•  Windows  Live  for  Windows 
Mobile  client,  giving  users  inte¬ 
grated  access  to  a  range  of  online 
Windows  Live  services,  including 
search  and  e-mail. 

•  A  built-in  VoIP  client  that  can 
make  use  of  contact  data  on  the 
handheld  to  make  and  manage 
voice  calls. 

“Most  of  the  features  they’ve 
added  are  under  the  hood,  many 
of  them  for  IT  managers,”  says  Avi 


Greengart,  principal  analyst  of 
mobile  devices  at  Current  Anal¬ 
ysis.  “If  you’re  a  corporate  appli¬ 
cation  developer  with  500  users, 
and  you’re  trying  to  create  a 
semicustom  business  applica¬ 
tion,  and  you  can  leverage  exist¬ 
ing  Windows  development  re¬ 
sources,  then  Windows  Mobile 
makes  a  lot  of  sense.” 

Nokia  Intellisync 

Nokia  is  releasing  its  Intellisync 
Mobile  Suite  8.0,  the  first  release 
to  combine  features  of  its  Intel¬ 
lisync  acquisition  last  year  with 
code  that  Nokia  developed  for  its 
Business  Center  product.  Mobile 
Suite  is  a  server-based  gateway 
used  behind  the  corporate  fire¬ 
wall,  that  links  corporate  e-mail 
servers,  such  as  Exchange  and 
Domino,  with  a  wide  range  of 
mobile  devices  and  operating  sys¬ 
tems.  Two  other  parts  of  the  suite 
handle  device  management  and 
provisioning,  as  well  as  data  and 
file  synchronization. 

In  Version  8.0,  Nokia  has  com¬ 
pletely  redesigned  the  user  inter¬ 
face  to  create  a  consistent  behav¬ 
ior  across  devices  and  operating 
systems,  drawing  on  the  work 
done  for  the  Nokia  Business 
Center.  The  emphasis  for  Version 
8.0  was  less  on  creating  new  icons 
and  appearances  and  more  on 
consistent  functions  and  tasks, 
such  as  opening  an  e-mail  on  any 
supported  device  and  having  the 
options  of  replying  via  email, 
sending  a  voice  mail  or  making  a 
cell  phone  call  to  the  sender,  says 
Dave  Grannan,  general  manager 
for  mobility  solutions  in  Nokia 
Enterprise  Solutions  group. 

Nokia  has  changed  pricing. 
Previously,  Intellisync  cost  $160 
per  mobile  client.  Nokia  has 
reduced  that  to  $129  but  offers 
enterprises  the  option  of  buying  a 
Mobile  Suite  server  license  for 
about  $3,000. 

That  includes  unlimited  use  of 
the  basic  Mobile  Suite  e-mail 
client,  which  lets  you  reply  and 
forward  e-mails,  but  allows  limited 
storage  and  lacks  scheduling  as 
well  as  access  to  a  global  corpo¬ 
rate  e-mail  director.  Users  can  start 
with  this  server  package  and  then 
add  more  advanced  e-mail  ser¬ 
vices  as  well  as  device  manage¬ 
ment  and  synchronization  as 
desired.  ■ 


AJAX  races  development  challenges 


I  Pandora  Community  '■*.  1 1  More  About  the  Music  1  f  Minimize 


Pandora.com  lets  users  create  their  own  radio  stations  by  typing  in  favorite  songs  or  albums.  The 
Pandora  system  then  hunts  for  similar  music.  Because  Pandora  uses  AJAX  technology,  users  can  per¬ 
form  a  number  of  tasks  -  such  as  giving  a  “thumbs  up”  or  ‘thumbs  down"  to  a  song,  or  searching  for 
radio  stations  developed  by  other  users  -  all  without  having  to  refresh  the  Web  page. 


BY  JON  BRODKIN 

New  research  suggests  that  not  many  large 
retailers  are  using  the  set  of  scripting  compo¬ 
nents  known  as  Asynchronous  JavaScript  + 
XML  to  make  over  their  Web  sites.  But  at  least  a 
few  companies  using  AJAX  techniques  to  cre¬ 
ate  interactive  Web  applications  say  they  have 
been  able  to  improve  customer  experience 
while  avoiding  prohibitive  development  costs. 

AJAX  technologies  are  used  to  build  Web 
functions  that  mimic  the  responsiveness  of 
desktop  applications.  Browsers  can  run  AJAX 
programs  locally  and  refresh  content  incre¬ 
mentally  rather  than  reload  an  entire  Web 
page.  As  the  popularity  of  the  development 
style  has  grown,  tool  kits  designed  to  make  it 
easier  for  developers  to  write  AJAX  applica¬ 
tions  have  sprung  up  from  a  number  of  play¬ 
ers,  including  Backbase,  Google,  JackBe  and 
Laszlo  Systems. 

The  makers  of  Gliffy  an  online  program  that 
lets  users  draw  and  share  diagrams,  used  an 
open  source  platform  called  OpenLaszlo  to 
help  build  their  site. 

“They  make  it  so  much  easier  to  do  develop¬ 
ment, ’’Chris  Kohlhardt,  Gliffy  president  and  co¬ 
founder,  says  of  Laszlo  and  similar  tool  kits.“We 
have  two  guys  who  were  able  to  build  this 
entire  thing  using  just  Laszlo  and  their  brains.” 
Salary  was  the  only  major  expense,  according 
to  Kohlhardt,  who  is  based  in  San  Francisco. 

“We're  so  much  different  than  a  static  Web 
page,”  he  says.“You  can  actually  create  pictures 
within  your  Web  browser” 

Brulant,  an  Ohio  firm  that  does  marketing 
and  Web  site  design,  recently  examined  the 
sites  created  by  115  of  the  top  200  Internet 
retailers  and  found  that  only  one  in  four  uses 
some  type  of  AJAX  technique.  Only  6%  use 


advanced  AJAX  techniques,  the  firm  says. 

Blockbuster,  Hollywood  Video  and 
Amazon.com  are  among  those  leading  the 
way  in  AJAX,  says  Mark  Fodor,  a  partner  at 
Brulant  who  performed  the  study  Hollywood 
Video’s  site,  for  example,  allows  users  to  rate 
movies  from  one  to  five  stars  and  place  films  in 
a  wish  list  without  having  to  reload  a  page. 

The  idea  is  to  create  a  program  that  can  run 
on  its  own  within  a  Web  browser,  says  David 
Temkin,  co-founder  of  Laszlo  Systems.  When  a 
user  clicks  on  an  element  built  with  AJAX, “cer¬ 
tain  things  happen  that  may  not  go  back  to  the 
server  at  all,”  Temkin  says.  “When  it  does  go 
back  to  the  server  it’s  not  to  get  a  whole  new 
document.” 

The  techniques  behind  AJAX  have  existed 
for  many  years,  but  two  events  created  a  surge 
of  interest  in  the  Web-design  approach.  One 
was  the  coining  of  the  term  ‘AJAX”  in  2005  by 
information  architect  Jesse  James  Garrett,  and 


the  other  was  the  development  of  Google 
Maps,  which  sends  an  XML  datastream  to  a 
browser  to  let  users  search  the  globe  and 
zoom  in  on  maps  and  satellite  images. 

“What  people  discovered  is  the  particular 
AJAX  technique  used  by  Google  Maps  is  rela¬ 
tively  easy  for  a  programmer  to  add  into  appli¬ 
cations,”  says  Tom  Conrad,  CTO  at  Pandora,  an 
Oakland, Calif., company  whose  AJAX-powered 
site  lets  users  build  their  own  radio  stations. 

Despite  its  reputation  for  simplicity  AJAX 
poses  challenges,  and  it  should  not  be  used  in 
every  type  of  Web  page,  according  to  a  white 
paper  by  Interakt,  a  Web-design  company 
owned  by  Adobe. 

There  are  unanswered  questions  about  secu¬ 
rity  and  user  privacy,  and  a  big  concern  with 
AJAX  is  accessibility  for  disabled  people, 
because  not  all  browsers  completely  support 
JavaScript  or  the  XMLHttpRequest  object,  the 
Interakt  white  paper  says.  ■ 


.INFRASTRUCTURE  LOG 


_DAY  18:  Everything  is  frozen.  It’s  our  processes.  f-r- — 

They’re  inflexible.  We  can’t  respond  to  change. 

_Why  did  we  lock  ourselves  in  like  this?  Brrrr. 


service  oriented  architecture. 

.Everything’s  unfrozen  now.  Wow,  it’s  good  to  feel 
my  toes  again. 


.DAY  19:  A  way  out.  IBM  WebSphere  middleware  for 
Business  Process  Management.  It  lets  us  streamline 
business  tasks.  We  can  test  our  processes  before  we 
roll  them  out  and  monitor  performance  once  they’re 
deployed,  and  reuse  is  easy  because  it’s  based  on  a 


WebSphere 


Take  the  BPM  with  SOA  Assessment  at: 

IBM.COM/TAKEBACKCONTROL/PROCESS 


IBM,  the  IBM  logo  and  WebSphere  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2006  IBM  Corporation.  All  rights  reserved. 
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RSA 

continued  from  page  1 

systems  (IPS),  database  security 
products  and  identity  manage¬ 
ment  tools  —  that  if  not  stand¬ 
alone,  also  didn’t  fulfill  the  grand 
designs  called  for  in  the  tone-set¬ 
ting  speeches. 

Cisco  took  a  stab  at  moving 
beyond  individual  technologies 
with  announcements  about  inte¬ 
grating  its  IPS  with  its  security 
client,  but  that  was  just  a  step 
along  the  way  to  delivering  on  a 
defense-in-depth  strategy 

Meanwhile,  many  of  the  15,000 
attendees  were  told  that  the  secu¬ 
rity  threats  they  face  are  becoming 
more  sophisticated  and  capable 
of  inflicting  devastatingly  costly 
harm.  This  puts  pressure  on  com¬ 
panies  being  asked  by  customers 
and  partners  to  boost  their  online 
offerings,  said  John  Thompson, 
chairman  and  CEO  of  Symantec. 


EYE  ON  THE  CARRIER 
Johna  Till  Johnson 


There’s  a  geek  version  of  the 
question,  “What  is  the  meaning 
of  life?”  It’s  this:  “Why  do  some 
technologies  take  off  while  oth¬ 
ers  fail?” 

More  specifically,  what  are  the 
essential  characteristics  of  suc¬ 
cessful  technologies?  And  why 
does  anyone  use  new  technology 
in  the  first  place? 

I’ve  focused  a  lot  of  my  career 
looking  for  answers  to  these 
questions,  and  here’s  the  short 
answer:  pain. 

I’m  indebted  to  my  friend  Pip 
Coburn,  author  of  “The  Change 
Function,”  who  puts  it  very  suc¬ 
cinctly:  “People  change  habits 
when  the  pain  of  their  current  sit¬ 
uation  exceeds  their  perceived 
pain  of  adopting  a  possible  solu¬ 
tion.”  In  other  words,  new  technol¬ 
og}'  is  adopted  when  it  appears  to 
remediate  the  pain  felt  by  the  lack 
of  said  technology. 

But  there  are  several  gotchas. 
First  is  that  the  “pain”  isn’t  always 
obvious.  For  example,  what  was 
the  “pain”  that  people  felt  before 
iFbds?  It’s  a  trick  question.  You’d 
probably  say, “the  inability  to  carry 


“Consumers  will  demand  that 
enterprises  conform  to  a  certain 
level  of  security  before  they  will 
connect,”  he  said. 

That  pressure  is  understood  by 
eBay  Marketplaces’  CISO  David 
Cullinane,  who  talked  during  a 
show  session  about  the  chal¬ 
lenges  of  developing  secure  Web- 
commerce  applications  quickly. 
“We  want  code  that’s  written 
properly  but  other  factors  matter. 
The  rate  of  change  [in  Web  busi¬ 
ness  applications]  is  amazing 
and  the  throughput  is  mind-bog¬ 
gling.  If  you  do  too  much  security 
you  bog  down  the  Web  site,” 
Cullinane  said. 

The  problem  goes  beyond  busi- 
ness-to-customer  interactions, 
said  Caleb  Sima,  a  member  of  the 
Secure  Software  Forum  and  co¬ 
founder  of  SPI  Dynamics,  who 
also  spoke  at  the  conference. 

“If  you’re  a  business  where  users 
browse  the  Web  [legitimately] 
and  hackers  take  over  a  browser, 


your  MP3  tunes  with  you”  —  but 
you’d  be  wrong.You  could  do  that 
long  before  the  iPod  —  I  had  a 
60G  MP3  player  from  RCA  years 
before  the  iPod  came  out. 

No,  the  real  pain  was  that  I 
looked  like  an  old-school  “pocket- 
protector”-style  geek,  with  my 
clunky  black  box  that  had  the 
ease  of  use  of  an  IBM  MVS  system. 
The  “pain”  that  Apple  addressed 
with  the  iPod  was  being  able  to 
bring  your  tunes  without  looking 
like  a  dork,  and  to  configure  your 
play  lists  without  a  computer  sci¬ 
ence  degree.  Remember  all  those 
billboards  with  hip  people  danc¬ 
ing  with  their  iPods?  Sometimes 
it’s  not  the  feature-function  that 
matters  —  it’s  the  secondary 
issues,  like  design  and  ease  of  use. 

A  second  issue  —  particularly 
key  for  enterprises  —  is  that  the 
“pain”  felt  by  organizations  isn’t 
the  same  as  that  felt  by  individu¬ 
als.  I’ve  touched  on  this  before, 
with  Alexander  the  Great’s  inven¬ 
tion  of  the  sarissa.The  sarissa  is  the 
16-foot  pike  with  which  Alexander 
armed  his  foot  soldiers.  From  the 
soldier’s  perspective,  a  16-foot  pike 
is  painful:  It’s  heavy  unwieldy  and 
not  nearly  as  much  fun  as  the 
weapon  of  choice  in  330  BC  (the 
short  sword). 


they  can  use  it  as  a  tool  to  look  at 
the  internal  network  and  send 
data  outside  the  network,” he  said. 

This  can  lead  to  hackers  stealing 
from  individual  users,  Sima  said. 
For  instance,  once  a  browser  is 
commandeered,  the  hacker  can 
crack  passwords  and  learn  a 
user’s  activities  on  the  Internet. 
“They  can  go  to  stocktrader.com 
and  trade  your  stock  while  you’re 
logged  in  . . .  and  you  won’t  know 
it,” Sima  said. 

All  this  leads  to  issues  of  corpo¬ 
rate  liability  for  damages  done 
due  to  corporate  security  breach¬ 
es,  said  Ben  Wilson,  an  attorney 
who  co-chairs  an  American  Bar 
Association  committee  on  infor¬ 
mation  security  That  could  mean 
enormous  penalties  against  busi¬ 
nesses  that  fail  to  protect  personal 
data,  he  said. 

State  laws  vary  as  to  how  much 
security  businesses  must  have  in 
place  to  protect  data  and  whether 
they  have  to  notify  customers 


But  armies  aren’t  designed  for 
the  ease  and  comfort  of  soldiers. 
From  Alexander’s  perspective,  the 
“pain”  was  losing  battles  —  and 
sarissas  cured  that  pain,  helping 
Alexander  defeat  the  Persians  and 
conquer  the  civilized  world. 

The  bottom  line  was  that  the 
pain  of  the  crisis  accrued  to 
Alexander,  and  the  pain  of  adop¬ 
tion  accrued  to  the  soldiers.  But 
because  the  pain  of  lost  battles 
(to  Alexander)  exceeded  the 
pain  (to  soldiers)  of  carrying 
sarissas,  the  sarissa  was  adopted. 

Any  IT  executive  who’s  imple¬ 
menting,  say  a  security  architec¬ 
ture  is  well  aware  of  this  chal¬ 
lenge:  What’s  best  for  the  users  as 
individuals  may  not  be  best  for 
the  organization  as  a  whole.  (Try 
that  next  time  a  user  complains 
about  not  being  able  to  install 
software  on  his  desktop!) 

The  bottom  line:  Technologies 
succeed  if  the  net  effect  of 
adopting  them  is  to  reduce  the 
perceived  pain  felt  by  the 
adoptees. 

Johnson  is  president  and  chief 
research  officer  at  Nemertes 
Research,  an  independent  technol¬ 
ogy  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


whose  data  is  compromised, 
Wilson  said.  That  makes  taking 
legal  action  tricky  for  example,  for 
those  who  might  live  in  Florida 
but  whose  bank  compromises 
their  personal  data  in  a  breach  in 
California. 

In  addition,  criminals  who  steal 
data  such  as  customer  credit  card 
numbers,  Social  Security  numbers 
and  account  numbers  are  learn¬ 
ing  to  hang  onto  the  data  for  more 
than  a  year  to  increase  its  value, 
said  Jon  Stanley  whose  Cape 
Elizabeth,  Maine,  firm  specializes 
in  database  breach  cases. 

“It’s  the  vintage  wine  syndrome,” 
he  said.“You  wait  until  it  ages.” 

By  waiting  until  the  heat  is  off, 
the  data  is  more  valuable.  Typi¬ 
cally,  heightened  credit  monitor¬ 
ing  goes  away  after  a  year,  he  said, 
at  which  time  those  with  the  com¬ 
promised  data  can  use  it  with  less 
fear  of  getting  caught.  They  then 
sell  the  data  to  people  who  want 
to  exploit  it. 

That  is  when  people  whose  data 
has  been  stolen  will  start  suffering 
real  damages,  which  is  the  legal 
test  for  whether  they  can  sue  to 
get  their  money  back, Wilson  said. 
And  that  is  when  they  will  sue 
companies  responsible  for  losing 
the  data  for  potentially  huge  sums 
of  money  which  could  be  further 
boosted  by  regulatory  fines,  he 
added. 

The  RSA  Conference  also  had 
space  for  the  nontechnical,  in¬ 
cluding  warnings  from  Bruce 
Schneier,  BT  Counterpane  CTO, 
that  network  security  executives 
need  to  watch  themselves  to 
make  sure  their  decisions  are 
made  using  fact  and  reason,  not 
fear  and  emotion. 

“We  make  bad  security  trade¬ 
offs  when  our  feeling  and  our 
reality  are  out  of  whack,”  he  said. 
“You  can  see  vendors  and  politi¬ 
cians  manipulating  these  biases.” 
In  the  world  of  business,  human 
psychology  plays  a  strong  role  in 
decisions  about  acquiring  securi¬ 
ty  defenses  as  well,  he  asserted. 

Schneier  acknowledged  that 
security  is  an  art  in  which  experts 
have  to  decide  what  network  ele¬ 
ments  or  data  warrant  the  most 
stringent  protection.  “We  make 
these  trade-offs  every  day’  he  said. 

But  in  making  those  trade-offs, 
security  professionals  should  not 
give  in  to  emotion  and  intuition. 
Most  people  are  optimistic  that 
they  won’t  be  the  victim  of  an 
attack  even  though  they  know  an 
attack  is  possible.  “We  tend  to 
think  we’ll  be  luckier  than  the 
rest,”  he  said.  ■ 
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Five  tips  for  preventing  DNS  attacks 

The  Internet’s  DNS  system  uses  several  techniques  to  stay 
up  and  running  in  face  of  distributed  denial-of-service  (DoS) 
attacks  such  as  those  launched  last  week.  DNS  experts  offer 
the  following  suggestions  of  what  you  can  do  to  improve  the 
resilience  of  your  corporate  DNS  infrastructure: 

•  Use  multiple  DNS  servers  distributed  around  the  globe.  Some  root  servers  use  a 

technique  called  Anycast  to  distribute  their  content  across  dozens  of  servers  around 
the  world.  If  you  increase  the  number  of  DNS  servers  you  have,  your  DNS  infrastructure 
will  be  less  vulnerable  to  attack  in  any  one  location  or  region. 

•  Keep  current  copies  of  your  DNS  records.  If  you  keep  current  copies  of  your  DNS 

records  on  one  or  more  secondary  servers,  you  will  still  have  access  to  that  information 
if  your  primary  DNS  server  is  attacked. 

•  Use  the  latest  version  of  DIND.  Make  sure  you  are  using  the  current  version  of 

Berkeley  Internet  Name  Domain,  the  open  source  software  that  runs  most  DNS 
servers.  Older  versions  of  BIND  have  known  security  issues.  The  current  release  of 
BIND  is  9.3.4. _ _ 

•  Ask  your  ISP  about  distributed  DoS  prevention.  Ask  your  ISP  what  steps  it  is  taking  to 

prevent,  minimize  and  isolate  distributed  DoS  attacks.  Find  out  if  your  ISP  is  deploying 
Anycast  DNS  server,  distributed  DoS  filtering  and  trace-back  technologies  used  to  isolate 
botnet  attacks.  Ask  if  service  levels  are  guaranteed  or  statistical. 

•  Multihome  your  Internet  applications  across  two  carriers.  Your  Web  site  and  IP 

network  are  more  likely  to  withstand  an  attack  if  they  have  access  to  two  IP 
infrastructures  run  by  separate  carriers. 


Attack 

continued  from  page  1 

servers,  which  oversee  the 
Internets  DNS.The  DNS  is  a  glob¬ 
al  distributed  database  system 
that  matches  domain  names  with 
corresponding  IP  addresses. 

Three  root  servers  —  operated 
by  the  Department  of  Defense,  the 
Internet  Corporation  for  Assigned 
Names  and  Numbers  (ICANN) 
and  the  Widely  Integrated  Distrib¬ 
uted  Environment  (WIDE)  Project 
—  were  inundated  with  phony 
requests  from  a  group  of  compro¬ 
mised  PCs,  called  a  botnet. 

Michael  Witt,  deputy  director 
of  US-CERT’s  cybersecurity  sec¬ 
tion,  who  spoke  at  a  panel  dis¬ 
cussion  at  the  RSA  Conference 
last  week,  said  the  DNS  root 
server  attack  was  targeted  at 
three  root  servers,  known  as  G,  L 
and  M.  “G  is  the  military’s  top- 
level  domain,”  Witt  said. 
According  to  information  at  the 
US-CERT  Web  site,  L  operates  on 
behalf  of  ICANN  and  M  is  dedi¬ 
cated  to  the  WIDE  Project. 

“The  attacks  didn’t  impact  the 
root-level  servers,”  Witt  said.  “They 
continued  to  do  their  job.  The 
Department  of  Defense  had  no 
impact  toward  degradation  on 
their  network.” 

Witt  said  mitigation  of  the  attack 
was  carried  out  with  the  help  of 
the  North  American  Network  Op¬ 
erators  Group. “We  worked  closely 
with  those  in  the  organization  to 
minimize  that  attack,”  he  said. 

While  these  three  root  servers 
were  disrupted  by  the  botnet 


attack,  10  other  root  servers 
worked  fine.  Overall,  the  Internet’s 
service  suffered  little  disruption, 
and  few  corporate  users  noticed 
that  the  attacks  were  happening. 

“This  attack  was  maybe  one- 
tenth  of  the  size  of  earlier  attacks 
that  we’ve  seen  on  the  DNS  infra¬ 
structure,”  Arbor  Networks’  Mc¬ 
Pherson  says. “It  wasn’t  really  that 
large,  and  it  started  tapering  off 
quickly  More  importantly  the  user 
experience  was  not  that  far 
degraded.” 

This  was  the  first  major  attack 
against  the  root  servers  since  2002, 
when  all  13  root  servers  were  tar¬ 
geted  in  a  more  severe  distributed 
denial-of-service  (DoS)  attack. 

“The  oddest  thing  about  this 
attack  is  that  it  happened  at  all,” 
Bellovin  says.“We  haven’t  had  any 
major  pure  vandalism  attacks  in 
the  last  few  years.  The  energy  in 
the  hacking  world  has  shifted  to  a 
profit  motive.  Most  of  the  [distrib¬ 
uted]  DoS  attacks  we  see  are  for 
extortion.  Sports  gambling  sites 
are  especially  affected.” 

Howard  Schmidt,  former  White 
House  cybersecurity  adviser  and 
now  president  and  CEO  of  R&H 
Security  Consulting  in  Issaquah, 
Wash.,  says  the  fact  that  the 
attack  on  the  DNS  root  servers  last 
week  had  no  perceivable  effect 
on  the  public  indicates  how  re¬ 
silient  the  underlying  system  is. 
“But  we  shouldn’t  let  our  guard 
down,”  he  says. 

Schmidt  recalls  how  the  massive 
attack  in  February  2002,  when  he 
was  White  House  cybersecurity 
adviser,  also  had  no  perceivable 


public  impact  but  it  drew  atten¬ 
tion  to  the  potential  for  grave  con¬ 
sequences  in  loss  of  the  Internet. 

“We  didn’t  find  out  who  was 
doing  it  in  2002,”  Schmidt  says. 
“Until  we  catch  the  people  doing 
it,  we’ll  never  know  their  motiva¬ 
tion.” 

Good  news 

Security  experts  say  the  latest 
demonstration  of  the  Internet’s 
resilience  points  to  a  safe  future 
for  all  things  IP  That’s  because  the 
DNS  —  which  is  critical  to  the 
routing  of  all  information  on  the 
Internet  —  has  proven  itself 
against  many  and  varied  attacks 
over  the  years. 

Since  the  2002  root  server 
attack,  some  root  server  operators 
have  rolled  out  a  technique 
called  Anycast  to  copy  informa¬ 
tion  to  multiple  computers 
around  the  world. 

“The  name  servers  are  more 
resilient  to  this  type  of  attack 
today  than  they  were  five  years 
ago,”  Bellovin  says  “It's  not  that  any 
given  server  is  more  resilient;  it’s 
that  the  structure  as  a  whole  is 
more  resilient  because  they  are 
using  Anycast  servers.  There  are  a 
lot  more  servers  out  there,  so  the 
attackers  might  not  get  all  of 
them.” 

The  failure  of  the  latest  attack 
shows  how  hard  it  is  for  a  hacker 
to  bnng  down  the  DNS. 

“It  seems  unlikely  that  someone 
can  take  down  all  the  root 
servers,”  says  Scott  Perry  founder 
of  DNSstuff.com,  which  provides 
DNS  tools  to  IT  professionals. 
“While  there  are  13  root  servers, 
these  servers  are  mirrored  so  that 
over  100  servers  handle  the 
queries  that  go  to  the  root  server. 
Each  of  the  root  servers  has  one 
IP  address,  but  in  some  cases 
those  IP  addresses  are  Anycast  to 
as  many  as  40  different  comput¬ 
ers.  Because  of  that,  when  an 
attack  like  this  occurs.  ...  it  will 
only  affect  users  near  one  loca¬ 
tion.” 

These  attacks  are  no  reason  for 
corporations  to  hold  off  on  migrat¬ 
ing  key  applications  such  as  voice 
to  the  Internet,  experts  say 

“The  threats  for  something  like 
VoIP  are  more  within  the  enter¬ 
prise  than  within  the  Internet 
infrastructure,”  Bellovin  says. 
“You’re  much  more  likely  to  have 
a  virulent  infection  that  takes  you 
out  than  a  root  server  attack. . . . 
There  are  more  problems  near  the 
edges  of  the  Internet  than  in  the 
infrastructure.” 


Bad  news 

Despite  the  positive  outcome  of 
the  latest  attacks,  security  experts 
warn  against  complacency 

“I  don’t  know  if  a  serious 
effort  could  take  out  the  root 
server  system,”  Bellovin  says. 
“We’ve  heard  of  some  really 
large  botnets. . . .  The  steps  that 
have  been  taken  since  2002 
have  made  the  network  consid¬ 
erably  more  robust  and  resilient 
in  the  face  of  this  kind  of  attack. 
We  don’t  know  if  it’s  robust  or 
resilient  enough  yet.” 

A  botnet  attack  would  be  more 
significant  if  it  damaged  the  DNS 
servers  that  run  key  domains  such 
as  .com  or  .net.That’s  because  the 
root  servers  handle  far  fewer 
queries  than  the  .com  and  .net 
servers. 

“There’s  more  impact  at  the 
next  level  down  below  the 
root,”  says  Ken  Silva,  CSO  for 
VeriSign,  which  operates  two 
root  servers  as  well  as  the  reg¬ 
istries  for  .com  and  .net.  “The 
.com  servers  handle  450,000 
queries  per  second.  If  they  don’t 
work,  that’s  450,000  queries  per 
second  that  fail  to  connect.” 

Protecting  against  these  kinds 
of  attacks  is  why  VeriSign 
announced  this  week  a  three- 
year,  $100  million  effort  to 
upgrade  and  expand  the 
servers  and  network  infrastruc¬ 
ture  that  support  its  .com,  .net 
and  root  servers.  Dubbed 
Project  Titan,  the  initiative  will 


increase  the  capacity  of 
VeriSign’s  network  infrastruc¬ 
ture  10  times  by  2010. 

Project  Titan  will  “make  the 
entire  infrastructure  that  we  oper¬ 
ate  much  more  resilient  to  these 
attacks,”  Silva  says.  It  is  “without  a 
doubt  the  largest  upgrade  to  a 
DNS  top-level  domain  that’s  ever 
happened.” 

Few  companies,  government 
agencies  or  universities  that  run 
the  DNS  root  servers  on  a  volun¬ 
tary  basis  can  afford  the  kind  of 
investment  that  VeriSign  is  making 
with  Project  Titan. 

Corporate  network  managers 
also  need  to  stay  ahead  of  the 
game  by  continuing  to  invest  in 
distributed  DNS  servers  of  their 
own. 

McPherson  says  few  corpora¬ 
tions  could  withstand  the  kind  of 
attack  aimed  at  the  three  root 
servers  last  week. 

“This  was  a  2G  to  3Gbps  attack,” 
he  says.  “That  could  take  most 
enterprises  offline  pretty  easily . . . 
Attacks  like  this  are  pretty  easy  to 
launch.” 

McPherson  says  Arbor  Networks 
saw  DNS  amplification  attacks  as 
large  as  22G  to  25Gbps  during 
2006.  “They  were  pretty  ugly,  and 
the  scale  of  those  attacks  was  pret¬ 
ty  large,”  he  says.“The  root  servers 
are  pretty  resilient  but  most  enter¬ 
prises  are  not.” 

— Senior  Editor  Ellen  Messmer 
contributed  to  this  report. 


Counterstrike 

continued  from  page  1 

NCRCG,  who  hail  from  the  U.S.  Computer  Emergency  Readiness  Team 
(US-CERT),  the  Department  of  Justice  and  the  Defense  Department, 
last  week  described  how  they  would  seek  to  coordinate  a  national 
response  in  the  event  of  a  major  cyberevent  from  a  known  attacker. 

Last  week’s  massive  but  unsuccessful  denial-of-service  (DoS)  attack 
on  the  Internet’s  root  DNS,  which  targeted  military  and  other  networks, 
did  not  rise  to  the  level  of  requiring  a  response  but  made  the  possibil¬ 
ity  of  a  massive  Internet  collapse  more  real  than  theoretical.  Had  the 
attack  been  successful,  there  may  have  been  a  cyber  counterstrike  from 
the  United  States,  said  Mark  Hall,  director  of  the  international  informa¬ 
tion  assurance  program  for  the  Defense  Department  and  the  Defense 
Department’s  co-chair  to  the  NCRCG,  who  spoke  on  the  topic  of  cyber¬ 
response  during  the  RSA  Conference  here. 

“We  have  to  be  able  to  respond,”  Hall  said.“We  need  to  be  in  a  coordi¬ 
nated  response.”  He  noted  that  the  Defense  Department  networks,  sub¬ 
ject  to  millions  of  probes  each  day,  has  “the  biggest  target  on  its  back.” 

But  a  smooth  cyber-response  remains  a  work  in  progress.  The 
NCRCG’s  co-chairs  acknowledge  it’s  not  simple  coordinating  com¬ 
munications  and  information-gathering  across  government  and 
industry  even  in  the  best  of  circumstances, much  less  if  a  significant 

See  Counterstrike,  page  14 
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portion  of  the  Internet  or  tradi¬ 
tional  voice  communications 
were  suddenly  struck  down.  But 
they  asserted  the  NCRCG  is 
“ready  to  stand  up”  to  confront  a 
catastrophic  cyberevent  to 


defend  the  country. 

“We’re  working  with  key  vendors 
to  bring  the  right  talent  together 
for  a  mitigation  strategy  said  Jerry 
Dixon,  the  second  NCRCG  co¬ 
chair  and  deputy  director  for 
operations  for  the  National  Cyber 
Security  Division  at  US-CERT.“We 
recognize  much  infrastructure  is 


operated  by  the  private  sector.” 
The  U.S.  government  conducted 
cyber  war  games  in  its  Cyber- 
Storm  exercise  last  year  and  is 
planning  a  second  one. 

The  third  NCRCG  co-chair,  Chris¬ 
topher  Painter,  principal  deputy 
chief  at  the  Justice  Department, 
said  the  cyber-response  group 


also  seeks  to  communicate  with 
50  countries  worldwide  where 
monitoring  for  massive  cyberse¬ 
curity  events  goes  on  as  well. 
“Some  of  them  have  some  of  the 
same  communications  issues  we 
have  here,”  he  said. 

The  Department  of  Homeland 
Security’s  National  Response  Plan 
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For  high-volume  server  applications,  we've  introduced  the 
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simple  and  operation  is  virtually  maintenance-free. 
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calls  for  coordination  with  a  num¬ 
ber  of  agencies,  including  the  De¬ 
partment  of  the  Treasury  when  the 
decision  for  a  national  response  is 
made.  There  has  been  no  major 
cybersecurity  event  against  the 
United  States  so  far  that  has 
prompted  a  national  response. 

The  attempted  massive  DoS 
attack  against  the  Internet’s  root 
DNS  last  week,  which  specifically 
targeted  military  networks,  raises 
the  question  whether  the  United 
States  would  ever  respond  with  a 
counterattack. 

“It’s  the  president’s  call,”  Hall 
said,  pointing  out  the  recommen¬ 
dation  for  a  counterattack  would 
be  passed  to  the  chief  executive 
via  the  U.S.  Strategic  Command  in 
Omaha,  Neb. 

In  the  event  of  a  massive 
cyberattack  against  the  country 
that  was  perceived  as  originat¬ 
ing  from  a  foreign  source,  the 
United  States  would  consider 
launching  a  counterattack  or 
bombing  the  source  of  the 
cyberattack,  Hall  said.  But  he 
noted  the  preferred  route 
would  be  warning  the  source  to 
shut  down  the  attack  before  a 
military  response. 

All  the  military  services  are 
preparing  for  a  military  cyber¬ 
response,  Hall  pointed  out. 

Jim  Collins,  R&D  engineer  at 
the  Air  Force  Information 
Operations  Center,  who  also 
spoke  on  the  need  for  network 
defense  at  a  session  at  the  RSA 
Conference,  said  the  Air  Force 
also  is  gearing  up  for  an  offen¬ 
sive  cyber  capability. 

“The  Air  Force  hasn’t  just  been 
standing  by’ he  said,  noting  that  in 
November  the  Air  Force  added 
the  mission  to  fight  in  cyber¬ 
space  by  creating  a  new  Cyber 
Command. 

“We’re  standing  up  cyberfight¬ 
ers  to  do  network  warfare,” 
Collins  said.“Where  we  had  pilots 
before,  we’ll  have  fighters  in 
cyberspace."  ■ 
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Today,  Dan  configured  a  switch  in  London, 
rebooted  servers  in  Sydney,  and  watched  his 
team  score  the  winning  goal  in  St.  Louis. 

With  Avocent  data  center  solutions,  the  world  can  finally  revolve  around  you.  Avocent  puts  secure 
access  and  control  right  at  your  finger  tips  -  from  multi-platform  servers  to  network  routers,  your  local  data 
center  to  branch  offices,  across  the  hall  or  around  the  globe.  Let  others  roll  crash  carts  to  troubleshoot 
-  with  Avocent,  trouble  is  on  ice. 

To  learn  more,  visit  us  at  www.avocent.com/ice  to  download  Data  Center  Control:  Guidelines  to  Achieve 
Centralized  Management  whitepaper  or  call  866.277.1924  for  a  demo  today. 
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security  for  guests,  contractors  and  employees  -  cross  platform.  Juniper  makes  any  network  more  secure: 

www.juniper.net/UAC 


Juniper  _ 

"  ,oUf 


Net 


1.888. JUNIPER 


■■ 


2.12.07  •  www.networkworld.com  •  17 


Cisco  vows  to  strengthen  security  line 


BY  ROBERT  MCMILLAN,  IDG  NEWS  SERVICE 

SAN  FRANCISCO  —  Over  the  next  few 
months,  Cisco  plans  to  enhance  a  range  of 
its  security  products,  providing  customers 
an  integrated  and  improved  line  of  offer¬ 
ings. 

The  company  made  the  announcement 
at  the  RSA  Show  last  week.  It  plans  a  major 
new  release  to  the  software  that  runs  its 
Adaptive  Security  Appliance  (ASA)  prod¬ 
uct.  Also  in  the  works  are  updates  to  the 
Intrusion  Prevention  System  (IPS),  Cisco 
Security  Agent  (CSA),  Cisco  Security 
Manager  (CSM),  and  Mitigation  Analysis 
and  Response  System  (MARS). 

The  upcoming  Version  8.0  of  the  ASA  soft¬ 
ware  will  include  about  120  enhance¬ 
ments,  but  perhaps  most  significantly  its 
AnyConnect  VPN  client  will  now  work  on  a 
much  broader  range  of  platforms,  including 
Windows  Vista,  Mac  OS  X,  Linux  and 


Windows  Mobile  5.0  Pocket  PC  Edition. 

“We’re  extending  this  out  of  the  tradition¬ 
al  realm  of  just  laptops,"  said  Bob  Berlin,  a 
Cisco  senior  product  marketing  manager. 

Cisco  is  also  improving  the  information¬ 
sharing  capabilities  between  its  IPS  6.0  and 
CSA  5.2  software  to  make  the  products  bet¬ 
ter  able  to  identify  and  block  emerging 
threats.  Another  new  feature  will  allow  CSA 
to  assign  QoS  tagging  to  network  traffic  so 
performance  can  be  boosted  on  applica¬ 
tions  such  as  VoIP 

Using  engineering  talent  it  acquired  in  its 
2004  purchase  of  Riverhead  Networks, 
Cisco  has  also  developed  new  algorithms 
that  allow  the  IPS  software  to  better  analyze 
potentially  malicious  activity  on  the  net¬ 
work.  The  CSA  software  will  also  be  better 
integrated  and  easier  to  manage  with  the 
upcoming  Version  3.1  of  CSM. 

After  years  of  acquisitions,  Cisco  is  just 


now  starting  to  hook  its  security  products 
together,  said  Robert  Whiteley  a  senior  ana¬ 
lyst  with  Forrester  Research. 

This  is  critical  if  Cisco  wants  to  maintain 
its  new  position  as  a  player  in  the  security 
space,  he  said.  “Whether  people  acknowl¬ 
edge  it  or  not,  Cisco  is  one  of  the  largest 
security  vendors,”  Whiteley  said.  “But  they 
haven’t  had  quite  as  much  of  an  integrated 
story  as  you’d  see  from  a  [security]  special¬ 
ist.” 

Cisco  has  had  a  lot  of  integrating  to  do. 
The  company  has  made  about  10  security- 
related  acquisitions  in  the  past  three  years. 
The  company  now  posts  more  than  $2  bil¬ 
lion  in  annual  security  product  sales  and 
employs  more  than  1,400  security  engi¬ 
neers,  according  to  Richard  Palmer,  senior 
vice  president  of  Cisco’s  Security 
Technology  Group. 

Cisco  may  be  starting  to  integrate  its  exist¬ 


ing  security  products  now,  but  it  would  also 
like  to  extend  its  offerings  to  address  new 
areas  such  as  data  leakage,  a  hot  new  area 
in  the  security  field.“That’s  certainly  an  area 
where  we’re  going  to  be  investing,”  Palmer 
said.  ■ 
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A  growing  divide  in  healthcare  IT 

Small  practices  slow  to  adopt  electronic  medical  records  because  of  cost 


BY  JON  BRODKIN 

Electronic  medical  records  and 
other  IT  upgrades  are  seen  as  a  sil¬ 
ver  bullet  in  the  health  industry’s 
struggle  against  rising  costs  and 
quality  problems,  but  high  start-up 
expenses  are  creating  a  growing 
divide  between  big  industry  play¬ 
ers  and  small  practices. 

Fewer  than  one  in  four  doctors 
nationwide  have  begun  using 
electronic  health  records  (EHR), 
and  most  who  are  using  elec¬ 
tronic  records  have  done  only  a 
partial  implementation,  said 
John  Glaser,  vice  president  and 
CIO  of  the  Massachusetts  hospi¬ 
tal  chain  Partners  Healthcare 
System  at  a  Massachusetts  Health 
Data  Consortium  recently. 

“We’ve  got  a  divide  now  and  it’s 
going  to  get  worse  in  the  years 
ahead,”  Glaser  said. 

Meanwhile,  the  Mayo  Clinic  is 
taking  a  lead  role  in  electronic 
medical  records  and  large  corpo¬ 
rations  such  as  Wal-Mart  are  pro¬ 
viding  their  employees  with  per¬ 
sonal  health  records  (PHR), 
which  let  patients  log  on  to  the 
Web  and  view  medical  informa¬ 
tion  such  as  test  results  and 
instructions  for  taking  medica¬ 
tion.  Promoters  of  personal 
health  records  say  they  let 
patients  make  better  decisions 
related  to  their  care,  but  people 


Doctors  slow  to 
adopt  electronic 
health  records 

EHR  adoption  among  U.S.  physicians 
and  health  centers  (2005-2006) 


Physicians  Full  EHR 
11.2% 


Partial  EHR 

12.7% 


None 

76.1% 


Health  centers  Full  EHR 


8.6% 

Partial  EHR 

15.9% 


None 

75.5% 


SOURCE:  Health  Information  Technology 
in  the  United  StatesiThe  Information  Base 
for  Progress,  Robert  Wood  Johnson 
Foundation,  2006 


who  go  to  small  medical  prac¬ 
tices  may  be  left  out. 

Many  people  believe  that  IT  is 
the  answer  to  problems  ailing  the 
health  industry,  and  Glaser 
counts  himself  among  them.  But 
he  said  people  have  unrealistic 
expectations  for  IT  because  all 
previous  approaches  to  contain¬ 
ing  cost  and  maintaining  quality 


have  failed. 

“We  ought  to  be  real  about  this,” 
he  said.The  transition  “will  not  be 
orderly  It  will  be  chaotic.” 

The  U.S.  government  has  made 
the  promotion  of  electronic  med¬ 
ical  records  and  personal  health 
records  an  official  goal.  On  its 
Web  site,  the  U.S.  Department  of 
Health  and  Human  Services  says 
that  because  deploying  electron¬ 
ic  records  is  costly  for  smaller 
practices,  the  expense  must  be 
shared  by  clinicians  and  others 
in  the  healthcare  system. 

Access  to  electronic  medical 
records  must  be  increased  in 
rural  and  underserved  areas,  in 
particular,  government  health 
officials  say.  Regional  collabora¬ 
tion  among  healthcare  entities  in 
the  form  of  regional  health  infor¬ 
mation  organizations  can  help 
make  patient  information  easily 
transferable  from  one  physician 
to  another,  they  say. 

Already  a  private  sector  certifi¬ 
cation  commission  has  been 
formed  to  certify  software  used 
to  digitize  medical  records,  but  a 
large  majority  of  clinicians  still 
use  paper  records  only. 

“Those  who  are  using  EHRs  are 
considered  pioneers  among 
their  peers,”  states  the  federal 
Office  of  the  National  Coordina¬ 
tor  for  Health  Information  Tech¬ 


nology  on  its  Web  site.  “An  in¬ 
creasing  number  of  studies  have 
found  that  EHRs  can  result  in 
positive  patient-care  outcomes, 
but  many  physicians  remain 
reluctant  to  embrace  them. 
Accelerating  the  use  of  EHRs 
among  clinicians  requires  that 
they  are  better  informed  about 
the  benefits  of  incorporating 
greater  technology  into  their 
practice  and  how  it  can  benefit 
their  patients.” 

The  conference  where  Glaser 
spoke, held  two  weeks  ago  in  Burl¬ 
ington,  Mass.,  was  titled  “Inte¬ 
grating  Electronic  Health  Records 
(EHR),  Personal  Health  Records 
(PHR)  and  e-Prescribing.” 

Janie  Tremlett,  senior  strategic 
adviser  for  Concordant,  a  provider 
of  IT  infrastructure  services  in  the 
healthcare  field,  said  the  various 
sectors  of  the  healthcare  industry 
should  join  together  and  figure 
out  how  to  devise  a  sustainable 
funding  model  and  handle  ongo¬ 
ing  costs.  Even  malpractice  insur¬ 
ers  should  be  involved, she  said. 

“How  do  we  begin  to  get  our 
heads  around  this  cost?”Tremlett 
said.  “I’ve  heard  unbelievable 
numbers,  from  $10,000  a  practice 
to  $100,000. That’s  a  big  range.” 

The  medical  field  also  has  to 
decide  whether  databases  hold¬ 
ing  medical  records  will  be  cen¬ 


tralized  or  decentralized,  and 
make  a  governance  plan  outlin¬ 
ing  who  is  responsible  for  each 
portion  of  the  movement  toward 
electronic  records. 

On  the  e-prescribing  front,  the 
pharmacy  industry  in  2001 
formed  a  group  called  Sure- 
Scripts,  which  now  provides  elec¬ 
tronic  prescribing  services  to 
more  than  100,000  doctors  in  46 
states. 

E-prescribing  is  the  completely 
electronic  transmission  of  pre¬ 
scription  information  from  the 
prescriber  to  a  pharmacist,  and 
can  reduce  medication  errors, 
said  Kate  Berry,  senior  vice  presi¬ 
dent  of  SureScripts. 

Americans  receive  more  than  3 
billion  prescriptions  each  year, 
and  pharmacists  have  to  call 
physicians  150  million  times  a 
year  because  of  indecipherable 
or  unclear  prescriptions, she  said. 
More  than  1.5  million  Americans 
are  injured  each  year  by  medica¬ 
tion  errors,  she  said. 

“It’s  widely  known  that  legibility 
is  a  great  challenge  and  potential 
safety  issue,”  Berry  said. 

E-prescribing  can  save  time  for 
doctors  and  pharmacists  while 
providing  cost  savings  to  insur¬ 
ance  plans  that  are  realized 
because  of  greater  formulary 
compliance,  she  said.  IB 
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investors  flock  to  consumer  net  firms 

Although  ForcelO  Networks  and  other  enterprise  start-ups  not  ignored. 


2006  VG  darlings:  Network  top  five 


Network  companies  became  more  interesting  to  investors  in 
2006  with  a  return  to  focus  on  bread-and-butter  products  such 
as  switching  and  carrier  offerings: 


Company 

Location 

Amount  invested 

Products 

ForcelO  Networks 

San  Jose 

$50  million 

10G  Ethernet 
switches 

Hammerhead 

Systems 

Mountain  View,  Calif 

$30  million 

Multiservice  edge 
switches 

Simpler  Networks 

Bedminster,  N.J. 

$25  million 

Telecom  equipment 
and  software  for 
local  service 
providers 

BPL  Global 

Pittsburgh 

$25  million 

Supplies  broadband 
services  over  power 
lines 

Trapeze  Networks 

Pleasanton,  Calif. 

$23  million 

Wireless  LANs 

Total:  $255  million 


Source:  A  special  slice  done  for  Network  World  of  the  annual  data  generated  by  the  MoneyTree  Report. 

For  complete  survey  results  go  to  www.nwdocfinder.com/7324 


BY  CARA  GARRETSON 

Software  and  network  infrastruc¬ 
ture  may  be  safe,  but  not  for  long. 
The  wireless  and  Internet  indus¬ 
tries  in  which  start-ups  targeting 
the  enterprise  once  enjoyed  the 
majority  of  venture  capital  fund¬ 
ing  are  quickly  being  eclipsed  by 
companies  developing  online 
shopping  sites,  mobile  entertain¬ 
ment  delivery  services  and  set-top 
box  components. 

In  other  words,  all  hail  the  con¬ 
sumer. 

Interest  in  IT  companies  with 
corporations  as  their  customers 
is  far  from  over,  but  with  once- 
exploding  areas  such  as  enter¬ 
prise  software  and  IT  security  sat¬ 
urated,  venture  capitalists  in  2006 
were  distracted  by  the  lure  of  the 
consumer  in  certain  segments.  A 
quick  glance  at  the  Top  10  ven¬ 
ture  capital  investments  for  2006 
in  the  Internet  and  wireless  sec¬ 
tors  tells  the  story:  Half  of  the 
investments  in  both  categories 
went  to  consumer-focused  prod¬ 
ucts  and  services. 

That’s  where  most  dollars  went, 
too. The  largest  investment  in  an  IT 
vendor  in  2006  was  in  Amp’d 
Mobile,  a  broadband  wireless  ser¬ 


vice  provider  that  offers  music, 
video,  sports  and  gaming  content 
along  with  voice  and  text  messag¬ 
ing.  Amp’d  Mobile  saw  $153  mil¬ 
lion  in  venture  capital  invest¬ 
ments  last  year,  and  counts  MTV 
and  Universal  Music  Group 
among  its  investors. 

Another  big  winner  was  Lime¬ 
light  Networks,  which  operates  a 
content  delivery  network  for 
digital  media,  with  customers 
including  celebrity/fashion  Web 
site  Stardoll  and  online  video 
broadcaster  Metacafe.  Limelight 
officials  won’t  say  what  they 
plan  to  do  with  the  $130  million 
received  in  venture  capital  last 
year  because  the  company  is  in 
a  quiet  period,  which  usually 
means  a  company  is  preparing 
to  go  public. 

Compare  those  investments 
with  the  big  winners  among  enter- 
prise-focused  vendors.  In  the  soft¬ 
ware  sector,  $35  million  went  to 
Global  Market  Insite,  a  maker  of 
online  market  research  tools, 
while  in  network  infrastructure 
the  top  deal  was  $50  million  in 
10G  Ethernet  switch  maker 
ForcelO  Networks. 

What  does  this  new  focus  on  the 


consumer  mean  to  enterprise  IT 
users?  Fewer  dollars  are  going 
into  development  of  technology 
targeted  for  corporate  use,  ob¬ 
servers  say 

However,  consumer  offerings 
that  are  attracting  venture  capital 


dollars  all  require  significant 
leaps  in  technology  and  so  inno¬ 
vation  continues. 

“Media  and  entertainment  are 
very  much  a  technology  play  and 
with  all  those  mobile  devices  out 
there  to  deliver  content  over  the 


wireless  Web,  that  goes  hand  in 
hand  with  the  development  of 
networking  and  communications 
technology  to  enable  more  effi¬ 
cient  and  cost-effective  delivery  of 
those  services,”  says  Tracy  Lefter- 
off,  global  managing  partner  of 
PricewaterhouseCoopers’  venture 
capital  &  private  equity  practice. 
PricewaterhouseCoopers  and  the 
National  Venture  Capital  Associa¬ 
tion  generate  a  quarterly  report 
on  venture  investing  in  all  indus¬ 
tries  called  the  MoneyTree  Re¬ 
port,  based  on  data  from  Thom¬ 
son  Financial. 

And  many  believe  that  the  tech¬ 
nology  innovations  fueling  this 
consumer  boom  also  will  find 
corporate  uses.  Some  say  it  al¬ 
ready  has  in  certain  areas. 

Digital  content  —  video  clips, 
podcasts  and  other  rich  media  — 
that  first  became  popular  on  con¬ 
sumer  Web  sites  is  emerging  on 
business-focused  sites,  says  Steve 
Krausz,  general  partner  with  US 
Venture  Partners  in  Menlo  Park, 
Calif.  He  offers  examples  of  Web¬ 
inars  to  educate  customers  on  a 
certain  topic,  or  video  clips  of 
medical  procedures  available 
from  Web  sites.® 


Passwords  and  the  limitations  of  people 


NET  INSIDER 

Scott  Bradner 


One  of  the  biggest  impediments 
to  good  security  is  an  understand¬ 
ing  of  what  people  can  and  can¬ 
not  do. 

1  found  one  of  the  best  exam¬ 
ples  of  this  the  other  day  when  I 
was  asked  to  review  a  security 
plan  presented  by  a  potential  ven¬ 
dor.  Overall  the  plan  was  quite 
good,  but  in  a  number  of  places 
the  company  seemed  to  forget 
that  humans  were  going  to  need 
to  follow  the  rules.  I’ll  use  this 
company’s  password  rules  to 
make  some  points  about  the  need 
for  vendors  developing  security 


rules  to  remember  the  limitations 
of  the  people  in  the  loop. 

At  this  company,  passwords 
must  be  at  least  six  characters 
long  (the  vendor  is  working  on  a 
revision  that  will  require  30-char¬ 
acter  passwords);  they  must  have 
a  reasonable  degree  of  complexi¬ 
ty  (they  must  include  at  least  one 
nonalphabetic  character  and 
must  not  be  simple  words,  names 
or  digit  strings);  and  they  must  be 
changed  every  90  days.  After  three 
failed  attempts,  accounts  are 
locked  out  and  have  to  be  reen¬ 
abled  by  a  system  administrator. 

The  basic  purpose  of  a  pass¬ 
word  is  that  there  be  a  piece  of 
information  that  in  theory  is 
known  only  by  the  legitimate  user 
of  a  particular  account.  For  this  to 
work,  passwords  should  be  mem¬ 
orized  —  not  written  down  where 
others  can  find  them.  Humans 
have  a  hard  time  memorizing 


nonsense,  so  to  facilitate  memo¬ 
rization,  passwords  should  make 
some  kind  of  sense  to  the  user  — 
but  not  so  much  sense  that  peo¬ 
ple  who  know  the  user  can  guess 
them. 

It  is  very  difficult  to  come  up 
with  hard-to-guess  but  easy-to- 
memorize,  six-character  pass¬ 
words,  especially  when  at  least 
one  of  the  characters  cannot  be  a 
letter.  Most  security  geeks  suggest 
that  the  minimum  reasonable 
length  for  passwords  these  days  is 
eight  characters.  It  may  be  far 
worse  to  require  very  long  pass¬ 
words.  Most  normal  users  would 
be  hard  put  to  type  a  30-character 
password  reliably  So  to  ensure 
they  do  not  get  locked  out,  they 
will  choose  an  easy-to-type  pass¬ 
word  and  type  it  very  slowly  —  so 
slowly  that  it  would  be  easy  for 
someone  to  watch  over  their 
shoulder  when  they  are  trying  to 


log  in  at  Starbucks,  and  find  out 
this  “high-security”  access  control. 

The  worst  part  of  this  company’s 
password  plan  is  the  automatic 
lockout  after  three  failed  attempts. 
Auto  lockout  is  used  to  make 
password-guessing  attacks  hard.  If 
a  password  is  at  all  well-formed,  it 
will  take  a  lot  of  guesses  to  break 
it  by  brute  force  (see  www.nwdoc 
finder.com/7322  for  some  num¬ 
bers).  Setting  the  auto  lockout  to 
10,  for  instance,  instead  of  three 
means  there  would  be  an  infini¬ 
tesimally  small  additional  chance 
that  an  attacker  would  guess  the 
right  password  before  being 
locked  out.  From  the  users’  point 
of  view,  however,  a  “three  tries  and 
you’re  dead”  rule  means  they 
must  use  the  same  password  for 
all  their  applications  because  of 
the  risk  involved  with  not  remem¬ 
bering  the  password.  Requiring 
reset  by  a  systems  person  pro¬ 


vides  little  if  any  additional  pro¬ 
tection  compared  with  an  auto¬ 
matic  reenable  after  30  minutes 
—  and  it  irritates  the  heck  out  of 
users. 

Finally  the  requirement  that 
every  90  days  users  have  to  come 
up  with  new  passwords  they  can 
memorize  makes  life  very  hard  for 
some  and  does  not  solve  many 
security  problems. 

All  in  all,  these  rules  would  be 
great  if  a  computer  had  to  follow 
them.  With  people  in  the  loop, 
however,  the  rules  will  in  general 
significantly  reduce  security 
rather  than  increase  it. 

Disclaimer:  Harvard  does  not 
comment  on  the  record  about 
vendor  security  plans,  so  the 
above  critique  must  be  mine. 

Bradner  is  Harvard  University’s 
technology  security  officer.  He  can 
be  reached  at  sob@sobco.com. 
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SPECIAL  FOCUS 

In  face  of  Linux,  Unix  vendors  get  creative 


Enhancing  Unix 

All  the  major  Unix  vendors  plan  updates  in  the  first  half  of  2007.  What's  on  tap: 


Vendor 

Update 

Sun 

Plans  to  integrate  the  Xen  hypervisor  into  Solaris,  letting  users  run  Windows  and  Linux  alongside 
Solaris  and  extending  Solaris  features  —  for  example,  DTrace  for  analyzing  operating  system 
and  application  performance  —  to  virtual  machines. 

HP 

Says  it  will  enhance  manageability  and  availability  by  adding  such  features  as  more  flexible 
workload  migration  and  policy-based  server  provisioning. 

IBM 

Expects  to  continue  to  add  mainframe-like  virtualization  capabilities  with  the  addition  of  partition 
mobility  so  that  any  size  partition  —  even  large  databases  —  can  be  moved  while  running 
to  another  platform,  without  service  interruption. 

Security  features  being  planned  include  encrypted  file  systems,  additional  resiliency  capabilities, 
such  as  first-failure  data  capture  in  the  operating  system,  and  the  ability  to  patch  a  running 
operating  system. 

BY  JENNIFER  MEARS 

little  less  than  a  year  ago,  Internet 
Brands,  which  operates  Web  sites 
for  such  big-ticket  purchases  as 
cars,  homes  and  mortgages,  was 
looking  to  rid  itself  of  the  big-ticket  hard¬ 
ware  in  its  data  center. 

The  company  had  been  running  Solaris 
on  expensive  Sun  boxes  since  it  launched 
as  CarsDirect  in  1998.  Early  last  year,  as  it 
revamped  its  name  to  reflect  its  expanded 
business  focus,  it  also  was  considering 
refreshing  its  hardware,  with  the  goal  of 
cutting  costs. 

“People  wanted  to  go  to  Linux,”  says  Min 
Kang,  director  of  IT  at  the  firm  in  El 
Segundo,  Calif. 

With  Unix  maturing  and  moving  from 
expensive,  big  servers  into  more  flexible 
packages  that,  in  Sun’s  case,  run  even  on 
competitors’  hardware,  Kang  and  his  team 
had  broader  options. 

Today  the  company’s  Web  sites,  which 
get  about  15  million  unique  visitors  per 
month,  are  supported  primarily  by  Dell 
servers  running  Solaris. 

“This  gives  us  freedom,  because  Solaris 
on  x86  runs  on  pretty  much  anything: You 
can  run  it  on  HPyou  can  run  it  on  Dell  — 
you  can  choose  your  hardware.  But  then 
you  also  get  the  reliability  of  Solaris  sup¬ 
port,  and  that’s  my  main  thing  —  sup¬ 
port,”  Kang  says.“If  Sun  didn’t  have  Solaris 
10  on  x86  we  would  probably  have  gone 
to  Linux.” 

It’s  that  scenario  that  has  all  the  Unix  ven¬ 
dors  —  HP  IBM  and  Sun  —  on  their  toes. 
As  x86  servers  become  more  capable,  IT 
managers  are  taking  a  closer  look  at  their 
Unix  installations  to  determine  whether  a 
move  to  Linux  or  Windows  might  make 
sense,  analysts  say. 

“The  defensible  hill  for  Unix  is  the  big, 
vertically  scaling,  mission-critical  applica¬ 
tion,  which  is  usually  some  type  of  data¬ 
base  serving,”  says  Andrew  Butler,  a  vice 
president  and  distinguished  analyst  at 
Gartner.  “But  increasingly  the  appeal  of 
Windows-  and  Linux-based  systems  run¬ 
ning  on  cheaper,  commodity  hardware  is 
becoming  more  and  more  compelling.” 

At  the  same  time,  there  remains  a  huge 
installed  base  of  Unix  systems,  and  the 
vendors  are  showing  no  sign  of  weakening 
commitment  to  their  respective  operating 
systems.  Enterprise  customers  can  expect 
updates  from  all  the  Unix  vendors  in  2007 
that  focus  on  security  enhancements, 
advanced  virtualization  capabilities  and 


broader  management  tools.  In  addition, 
expect  the  vendors  to  roll  out  lower-priced 
Unix  systems  as  they  attempt  to  compete 
with  the  less-expensive  hardware  that  sup¬ 
ports  Windows  and  Linux. 

The  Unix  updates  and  new  systems  will 
come  despite  less  than  encouraging  num¬ 
bers.  For  the  past  few  years,  analyst  firms 
have  seen  Unix  sales  drag.  While  the  num¬ 
ber  of  installed  Unix  systems  remains 
strong,  Windows  and  Linux  revenue  has 
been  on  the  upswing,  while  Unix  sales 
have  lagged. 

Windows  servers  nudged  out  Unix  for 
the  first  time  in  2005  with  revenue  of  $17.7 
billion  —  just  topping  the  $17.5  billion 
spent  on  Unix  servers.  It  was  the  first  time 
in  more  than  a  decade  that  Unix  was  not 
ranked  as  the  No.  1  server  operating  sys¬ 
tem,  according  to  IDC. 

IDC’s  latest  numbers  show  Unix  servers 
still  in  a  downturn,  with  a  nearly  2% 
decline  in  revenue  for  the  third  quarter  of 
last  year  compared  with  the  same  period 
the  previous  year,  while  Windows  and 
Linux  server  sales  jumped  about  5%  com¬ 
pared  with  the  earlier  quarter. 

Market  shifts  already  are  happening:  SGI 
last  year  announced  it  would  no  longer 
sell  the  Unix-based  systems  the  company 
was  built  on,  and  is  hoping  a  shift  in  focus 
to  Linux  and  x86-based  hardware  will  help 
pull  it  out  of  bankruptcy.  By  year-end  ana¬ 
lysts  expect  HP  which  is  moving  its  HP-UX 
customers  onto  Itanium-based  hardware, 
to  stop  selling  its  PA-RISC  systems. 

“We  see  Unix  coming  under  increasing 
attack,”  Gartners  Butler  says.  “And  frankly, 
we  don’t  believe  there  is  any  way  that  Unix 
is  likely  to  truly  grow  in  the  future.  In  other 


words,  it  has  seen  its  best  days.” 

With  the  number  of  legacy  Unix  systems 
huge  —  IDC  pegged  it  at  3.5  million  last 
year  —  enterprise  buyers  should  not 
expect  their  Unix  vendors  to  forsake  them 
anytime  soon,  analysts  say  What  they  can 
expect,  however,  is  an  interesting  year  as 
the  vendors  figure  out  the  best  way  to 
shore  up  their  Unix  businesses.  In  the  past, 
most  vendors  had  a  similar  message  and 
strategy  and  the  market  hinged  on  straight¬ 
forward  performance,  analysts  say 

“But  we’re  getting  into  a  maturing  mar¬ 
ket  where  all  of  the  players  have  solid 
equipment,  solid  operating  systems  and 
good  [independent  software  vendor]  sup¬ 
port,  so  the  differentiator  here  now  isn’t 
speeds  and  feeds  so  much,  it’s  business 
value  and  what  kind  of  business  value 
customers  can  get  out  of  their  Unix  sys¬ 
tems,”  says  Dan  Olds,  principal  at  Gabriel 
Consulting  Group. 

Sun  is  a  prime  example.  By  opening  its 
Solaris  operating  system  to  a  variety  of  ven¬ 
dor  platforms, it  hopes  the  business  value  of 
the  operating  system  alone  will  outweigh 
the  draw  of  Linux  or  Windows,  even  as  cus¬ 
tomers  move  to  lower-priced  hardware. 

“The  way  the  industry  has  dealt  with 
Unix  in  the  past  has  been  to  look  at  it  as  a 
system,  so  you  look  at  Solaris  and  Sun 
hardware  and  it’s  all  packaged  together]’ 
says  Tom  Goguen,  vice  president  of  the 
software  group  at  Sun. “From  our  perspec¬ 
tive,  that’s  a  very  old  view  of  what  the 
industry  is  all  about.” 

In  addition  to  providing  support  for 
Solaris  on  x86  hardware,  Sun  made  its 
Solaris  10  code  open  source  in  January 
2005  and  says  that  more  than  6.5  million 


licenses  have  been  downloaded  since 
then. 

“Key  to  [reinvigorating  Solaris]  is  we  did¬ 
n’t  restrict  the  operating  system  to  our 
hardware  or  Sparc  hardware,”  Goguen 
says.  “We  had  to  change  our  business 
model  and  we  did:  We  made  the  product 
free  and  broadly  available.” 

The  challenge  for  Sun  will  be  attracting 
new  customers  —  as  well  as  ISVs  —  away 
from  Windows  and  Linux,  especially  now 
that  Web-based  applications  are  written  in 
such  operating  system-agnostic  languages 
as  Java  and  .Net. 

“What  I  see  Sun  doing  is  reawakening 
ISV  interest  in  Solaris.  But  ISVs  are  not 
going  to  abandon  their  commitment  to 
Windows  and  Linux  for  Tier  1  versions  of 
their  products,”  Gartner’s  Butler  says. 
“What  Sun  can  hope  for  is  to  put  Solaris 
in  a  position  that  is  higher-priority  than 
AIX  or  HP-UX.” 

HP  and  IBM,  meanwhile,  have  solid 
Linux  and  Windows  businesses  to  fall 
back  on,  but  they  aren’t  sitting  still  when  it 
comes  to  the  Unix  market. 

HPfor  example,  late  last  year  added  secu¬ 
rity  updates  to  HP-UX  lli,  integrating 
encryption  capabilities  directly  into  the 
operating  system,  and  has  plans  to 
enhance  automation  and  management 
within  virtual  environments  when  it  re¬ 
leases  HP-UX  1  li  Version  3  early  this  year. 

IBM  also  is  focusing  on  virtualization 
and  security.  Power6  and  AIX  5.4,  both  due 
this  year,  will  provide  better  utilization 
rates  in  virtualized  environments  by  letting 
users  move  running  partitions  among 
servers.  In  addition,  the  new  release  of  AIX, 
due  mid-year,  will  add  security  features, 
such  as  encrypted  file  systems  and  the 
ability  to  patch  a  running  operating  sys¬ 
tem,  says  Karl  Freund,  vice  president  of 
marketing  for  IBM  System  P 

“In  2007,  enterprise  buyers  can  expect 
the  vendors  to  keep  pushing  the  bar  up  in 
terms  of  business  value,  manageability  uti¬ 
lization  and  getting  more  bang  for  the 
buck  when  it  comes  to  Unix  systems,” 
Gabriel  Consulting’s  Olds  says.  “While  it’s 
not  getting  any  easier  to  be  a  Unix  vendor, 
I  don’t  see  any  of  the  vendors  dropping 
out  any  time  soon.  If  anything,  it’s  going  to 
become  more  of  a  dogfight.”  ■ 
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AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


A  lesson  in  SOA  model-based  mgmt. 

WS-RT  specification  iets  users  manage  complex  model  systems. 


BY  WILLIAM  VAMBENEPE 

IT  practitioners  striving  to  meet  changing 
business  needs  are  using  service-oriented 
architectures  to  speed  development, 
improve  visibility  into  the  business  impact 
of  IT  events,  and  lower  integration  and 
management  costs. 

To  reap  these  benefits,  IT  staffs  need  to 
provide  some  level  of  semantic  integration 
between  IT  systems.  Semantic  integration 
means  that  not  only  do  systems  need  to 
connect  (that  is,  be  able  to  exchange  mes¬ 
sages),  they  also  need  to  have  a  common 
language  for  these  messages  to  be  trans¬ 
lated  into  action  in  an  automatic  way 
Without  this  shared  understanding,  mes¬ 
sages  are  exchanged  but  must  be  translated 
by  a  human  operator  before  resulting  in 
any  action. 

Semantic  integration  is  achieved  via  mod¬ 
els  that  contain  a  description  of  the  ele¬ 
ments  composing  a  system,  as  well  as  the 
relationships  linking  them.While  not  a  cure 
for  all  problems,  models  allow  better 
semantic  integration  through  sharing  of 
model  elements  and  the  use  of  transforma¬ 
tions,  policies  and  desired-state  type  of 


■  Network  World  is  looking  for  great  ideas 
for  future  Tech  Updates.  If  you've  got  one, 
and  want  to  contribute  it  to  a  future  issue, 
contact  Editor  in  chief  John  Dix  (jdix 
@nww.com). 


One  possible  application  of  WS-RT 

Q  A  user  describes  the  system  to  create  (such  as  provisioning  a  Windows  2003  server)  by  selecting 
from  a  library  of  existing  IT  models,  then  sends  a  WS-RT  Create  message  to  the  Windows  2003 
server-provisioning  tool  defined  in  that  model. 

H  The  provisioning  tool  creates/configures/discovers  the  resources  needed  (in  this  case,  perhaps  a 
VMware  image  of  Windows  2003  to  be  deployed  on  a  server). 

E]  The  provisioning  tool  returns  Endpoint  Reference,  XML  code  that  lets  Web  services  messages  be 
sent  a  destination  for  the  system  created  (the  Windows  2003  server). 

□  Later  configuration  changes  are  done  by  updating  the  model  using  a  W3-RT  Put  message.  The 
provisioning  tool  reconfigures  the  system  and  returns  a  success  code,  confirming  the  reconfiguration. 


information. 

Models  can  be  easily  translated  from  one 
modeling  language  to  another, so  the  invok¬ 
er  of  the  model  and  the  service  providers 
don’t  need  to  use  the  same  modeling  lan¬ 
guage.  Service  Modeling  Language,  for  ex¬ 
ample,  was  designed  for  that  purpose.  The 
sharing  of  models  across  the  life  cycle  of 
the  system  allows  experts  to  enrich  the 
model  with  information  relevant  to  each 
stage  of  the  life  cycle  (such  as  design,  im¬ 
plementation,  testing,  deployment,  opera¬ 
tion  and  retirement). 

WS-ResourceTransfer  (WS-RT)  plays  at 
the  intersection  of  SOA  and  model-based 
management.  While  its  goals  are  modest 
and  its  usage  will  often  be  hidden.it  meets 
a  critical  need  in  allowing  model-driven 
interactions  to  be  conducted  in  an  SOA. 

WS-RT  defines  a  set  of  Simple  Object  Ac¬ 
cess  Protocol  messages  that  are  used  to 
provide  flexible  access  to  a  model-driven 
service.  It  is  fully  compliant  with  the  WS- 
Transfer  specification  (a  World  Wide  Web 
Consortium  submission  that  is  one  of  the 
components  of  WS-Management)  on 
which  it  is  based. 

But  while  WS-Transfer  allows  access  to  the 
entire  representation  of  the  model  of  a  sys¬ 
tem  that  is  being  accessed  (in  order  to 
read, update, create  or  destroy  it), WS-RT  lets 
individual  parts  be  specified.This  capability 
is  useful  when  interacting  with  models  of 
individual  resources  (such  as  a  server)  and 
is  critical  in  interacting  with  large  models 
that  represent  complex  systems  (such  as  a 
data  center), in  which  case  interacting  with 
the  entire  model  is  impractical. 


The  improvements  that  WS-RT  adds  to 
the  WS-Transfer  Create  operation  allows 
one  to  specify  parts  of  the  model  of  the 
system  to  create.  For  example,  when  asking 
for  a  server  to  be  provisioned,  one  might 
want  to  specify  what  operating  system  it 
should  run  and  how  much  memory  it 
should  have.  But  in  general  the  creator 
doesn’t  want  to  have  to  specify  what  IP 
address  the  server  should  be  assigned 
(even  though  this  information  is  part  of 
the  model  of  the  server).  Rather,  the  IP 
address  will  be  assigned  automatically  at 
the  time  of  provisioning. 

While  the  ability  to  provide  only  a  por¬ 
tion  of  the  model  at  creation  significantly 
improves  the  usefulness  of  the  Create 
operation.it  still  limits  it  to  cases  in  which 
the  input  of  the  Create  operation  is  a  sub¬ 
set  of  the  model  of  the  system.  In  other 
words,  WS-RT  doesn’t  help  when  the 
Create  operation  needs  information  out¬ 


side  of  the  model.  But  once  a  system  is 
available  (whether  it  was  provisioned 
through  WS-RT  or  not),  WS-RT  can  be 
used  to  manage  it  through  interactions 
with  its  model. 

While  systems  management  and  grids  are 
the  most  obvious  areas  of  application  for 
WS-RT,  it  is  relevant  in  all  areas  where 
model-based  integration  is  used  in  coordi¬ 
nation  with  SOA  principles,  a  combination 
that  is  key  to  unlocking  many  of  the  bene¬ 
fits  expected  from  SOA  and  model-based 
management. 

Vambenepe  is  a  distinguished  technolo¬ 
gist  in  HP  OpenView  and  is  co-author  of 
the  WS-RT  specification.  His  blog  is  at 
http:/  /stage,  vambenepe.  com/ 
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Daylight-saving  time  starts  on  the  second 
Sunday  in  March  this  year  instead  of  on  the 
first  Sunday  in  April  as  it  used  to.  What  steps  do 
we  need  to  take  to  avoid  trouble  with  our  com¬ 
puters  and  networks  because  of  this  change? 

Check  with  your  hardware  and  software  vendors  to 
find  out  whether  you  need  to  upgrade  or  install  patch¬ 
es  to  change  the  built-in  time  zone  rules  for  the  day¬ 
light-saving  time  transition,  You  can  find  information 
about  updating  the  time  zone  definitions  for  Windows 


desktop  and  server  systems  at  www.nwdocfinder.com 
/7226.  The  updates  available  for  Windows  XP  and 
Windows  2003  server  are  described  in  a  Microsoft 
Knowledge  Base  story  (www.nwdocfinder.com/7227). 
Sun  is  providing  a  time  zone  updater  for  older  Java 
platform  development  kits  and  runtime  environments 
at  www.nwdocfinder.  com/7228.  Cisco  describes  which 
IOS  versions  require  intervention  in  Field  Notice  FN- 
62613  at  www.nwdocfinder.com/7229.  If  your  Cisco  IOS 
version  cannot  be  upgraded  to  a  recent  version  with 
new  time  zone  definitions,  you  can  use  the  'set  clock 


summertime’  command  to  define  when  to  start  and 
stop  daylight-saving  time.  Mac  users  should  update 
Mac  OS  X  to  Version  10.4.6  or  later.  In  addition  to 
these  and  any  calendaring  systems  in  use,  network 
authentication  and  network  time  services  should  be 
updated  and  watched  carefully  over  the  daylight- 
saving  time  transition  to  make  sure  any  related  prob¬ 
lems  are  avoided  or  minimized. 

Blass  is  an  IT  manager  in  Phoenix  and  can  be  reached 
at  dr.internet@jschnee.com. 


Let  Internet  Security  Systems  stop 

network  threats  before  they  shut  down  your  business 


How  do  you  ensure  compliance  and  manage  costs  when  your  security  is  less  than  certain?  Even  "zero-day"  solutions  aren't  fast  enough  to  protect  against  losses  once  an  Internet 
attack  hits.  The  alternative  is  preemptive  security  from  Internet  Security  Systems  (ISS).  Because  our  enterprise  solutions  are  based  on  the  world's  most  advanced  vulnerability 
research,  only  ISS  can  offer  preemptive  security  and  stop  threats  More  they  impact  your  business.  So  why  rely  on  "reaction"  when  security  can  be  a  sure  thing? 

Need  proof?  Get  a  free  whitepaper,  Preemptive  Security:  Changing  the  Rules ,  at  www.iss.net/oroof  or  call  today  at  800-776-2362. 
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Our  new  data  center  offers 
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Our  new  data  center  sets  unrivalled  standards  in  web 
hosting.  We  have  invested  million  to  improve  our 
customers'  experience.  Every  single  advance  in  our 
investment  and  expertise  is  geared  to  performance 
for  customers.  The  proof  is  in  the  speed  and  the  uptime 


zl  99.99%  uptime  -  You  can  rely  on  1&1 
zl  Over  6  million  customers  worldwide  trust  1&1 
z/  Feature  packed  hosting  plans  from  $2. 99/month 
zl  New!  Powerful  dedicated  and  virtual  servers 


1.877.go1and1 


better  with  1&1 ! 


BUSINESS 

3 

250  GB 
2,500  GB 

2,500  IMAP  or  POP3 
2  GB 
/ 

18  Pages 
18  Pages 
/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

/ 

24/7  Toll-free  Phone,  E-mail 


you  more  power,  more  security,  more  value! 


PREMIUM 


$1 .99/year  with  purchase 


200  GB 


2,000  GB 


2,000  POP3 


10  MB 


Extra  charge  applies 


Freeware 


$4. 99/month 


Freeware 


$3. 99/month 


24/7  Phone,  E-mail 
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©  2006  1&1  Internet,  Inc.  All  rights  reserved.  Prices  based  on  a  comparison  of  regular  Linux  prices,  effective  12/22/2006. 
Product  and  program  specifications,  availability,  and  pricing  subject  to  change  without  notice.  Some  limitations  apply  to  the 
Money  Back  Guarantee.  Visit  1and1.com  for  details.  Go  Daddy  is  a  registered  trademark  of  Go  Daddy  Software,  Inc.;  Yahoo! 
is  a  registered  trademark  of  Yahoo!  Inc. 


1and1.com 


or  visit  us  now 


Included  Domains 


Web  Space 


Monthly  Transfer  Volume 


E-mail  Accounts 


Mailbox  Size 


Search  Engine  Submission 


Website  Builder 


Flash  Site  Builder 


Photo  Gallery 


RSS  Feed  Creator 


Ad-free  Blog 


Map  &  Driving  Directions 
Dynamic  Web  Content 
Web  Statistics 


E-mail  Newsletter  Tool 


In2site  Live  Dialogue 
Chat  Channels 


Form  Builder 


Premium  Software  Suite 


STANDARD 


10GB 


400  GB 


500  POP3 


2  GB 


$  10/month 


24/7  Toll-free  Phone,  E-mail 


90-Day  Money  Back  Guarantee 


Support 


Price  Per  Month 


26  •  www.networkworld.com  •  2.12.07 


AppLogic:  Enterprise  Infrastructure 


Last  week  we  began  discussing 
3tera’s  AppLogic  (www.3tera.com), 
an  infrastructure  virtualization  sys¬ 
tem  that  were  all  kinds  of  excited 
about.This  week  we’ll  take  a  detailed 
look  at  how  AppLogic  works  its 
voodoo  that  it  works  so  well. 

As  we  explained,  under  the  hood 
AppLogic  is  a  set  of  services  that  are 
installed  on  the  freeware,  open 
source  CentOS  4.3.  In  terms  of  hard¬ 
ware,  the  AppLogic  grid  requires  an 
Intel-  or  AMD-based  commodity 
server  with  a  minimum  of  1GB  RAM  (2GB  is  preferred), and 
an  80GB  IDE  or  SATA  hard  drive  (200GB-plus  preferred). 

The  grid  infrastructure  requires  each  node  to  have  at  least 
a  100Mbps  network  interface  card  (NIC)  for  the  public  net¬ 
work  and  a  Gigabit  NIC  for  the  private  network  to  support 
the  system-level  communications  between  the  nodes  of 
the  grid.  A  dedicated,  nonblocking  Gigabit  switch  is  re¬ 
quired  to  interconnect  all  of  the  grid  nodes. 

Installation  of  the  grid  nodes  is  done  from  the  AppLogic 
Distribution  (ALD)  Server,  which  can  be  more  or  less  any 
PC  or  laptop  that  is  connected  to  the  private  network.  This 
machine  isn’t  part  of  the  final  grid,  and  preparing  the  ALD 
takes  about  one  hour  while  each  node  takes  about  three 
minutes  if  the  machine  already  has  CentOS  installed. 

Once  installed,  an  AppLogic  grid  provides  two  control 
interfaces:  a  Web-based  management  tool  and  a  command¬ 


line  interface.  The  Web-based  management  tool  provides 
status  monitoring  for  the  grid  and  configures  applications. 

The  command-line  interface  is  used  to  control  and  man¬ 
age  everything  else  that  concerns  the  grid  and  its  applica- 
tions.This  includes  application  and  component  launching 
and  termination, server  and  grid  rebooting,  and  so  on. 

To  create  an  AppLogic  application  you  use  the  Web-based 
interface  and  open  what  is  effectively  an  infrastructure 

Which  leads  us  to  the  question 
of  what  is  in  your  tool  kit? 

workspace,  a  slice  of  the  virtualized  infrastructure,  into 
which  you  can  create  a  new  application,  copy  an  existing 
application  or  modify  an  existing  one. 

The  Web  interface  lets  you  drag  and  drop  components 
such  as  databases,  and  input  and  output  interfaces,  and 
then  connect  component  outputs  to  inputs. 

You  also  define  the  parameters  of  your  application  (input 
and  output  IP  address,  mail  server  name  and  whatever 
other  parameters  are  defined),  the  maximum  and  mini¬ 
mum  number  of  servers  the  application  is  to  run  on,  as  well 
as  the  maximum  and  minimum  processors,  amount  of 
RAM  and  bandwidth.You  can  define  from  two  to  nine  mir¬ 
rors  (in  effect,  a  RAID  I  configuration  between  the  mirrored 
servers),  which  provides  automatic  application  restart  in 
the  case  of  failure. 

Once  an  application  is  configured  you  switch  over  to  the 


shell  environment  and  issue  the  command  “app  start 
<app_name>”. AppLogic  then  builds  the  application  by  cre¬ 
ating  its  required  storage  and  setting  the  configuration 
details,  and  then  execution  is  scheduled. 

AppLogic  is  very  flexible.  If  you  want  to  implement  con¬ 
figuration  and  management  services  of  your  own  the 
AppLogic  shell  is  fully  scriptable. 

3tera  plans  to  integrate  the  command-line  interface  with 
the  Web  interface  so  that  everything  can  be  managed  from 
one  place.lt  also  plans  to  add  Windows  servers  to  the  sys¬ 
tem  —  today  if  you  want  to  run  Windows  on  the  grid  you 
have  to  run  it  under  VMware  in  an  AppLogic  application. 

Imagine  that  you  have  a  few  hundred  or  more  servers 
under  your  control.  Here’s  the  question:  Are  you  one  of 
those  guys  who  just  has  to  have  his  sweaty  hands  on  the 
hardware?  Could  you  part  with  all  that  shiny  stuff? 

This  is  important  because  if  you  can  let  go  of  servers  as 
they  life  out  then  a  solution  such  as  AppLogic  lets  you  lease 
hardware  from  hosting  providers  and  create,  run  and  man¬ 
age  your  service  infrastructure  out  of  house.  If  you  need 
more  resources,  you  pay  for  more  hardware  resources  and 
add  them  to  your  grid  or  start  a  new  one.  Running  and  man¬ 
aging  your  infrastructure  can  be  done  from  anywhere. 

And  that’s  it.  Provisioning,  running  and  managing  enter¬ 
prise  scale  application  infrastructure  under  AppLogic  is 
amazingly  straightforward.This  is  definitely  a  company  and 
product  to  watch. 

Provision  your  thoughts  to  gearhead@gibbs.com. 


GEARHEAD 

INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


Fujitsu  expands  ultraportable  notebook  line 

Just  when  I  thought  I  was  happy  with  my  new  notebook, 
along  comes  Fujitsu  with  another  ultraportable  model  to 
make  my  shoulders  jealous.  The  latest  less  than  3-pound 
notebook  is  the  LifeBook  P7230,  which  Fujitsu  says  is  15% 
thinner  than  its  predecessor,  and  is  the  “smallest  and  lightest 
ultraportable  notebook”  to  include  a  modular  bay  with  a 
dual-layer  multiformat  DVD  writer  (or  second  battery).  The 
P7230  starts  at  $1,700  and  features  a  10.6-inch  LED  widescreen 
display,  Intel  Core  Solo  U1400  processor,  and  choice  of  Win¬ 
dows  Vista  Home  Basic, Vista  Business  orXP  Professional. Wire¬ 
less  options  include  an  integrated  Intel  Pro  Wireless  802.1  lb/g 
card  or  an  Atheros  Super  AG  wireless  modem  (802.1  la/b/g). 
Other  connection  features  include  Gigabit  Ethernet,  Blue¬ 
tooth,  two  USB  2.0  ports,  an  IEEE  1394  port,  full-sized  video 
port  and  a  combination  media  card  slot  that  supports  SD, 
Memory  Stick  Pro  and  xD  cards. The  notebook  also  has  dual 
built-in  microphones,  stereo  speakers  and  an  optional  built- 
in  Webcam  that  lets  users  take  pictures  or  capture  video.  An  integrated  biomet¬ 
ric  fingerprint  sensor  and  embedded  Trusted  Platform  Module  system  let  you 
store  file  passwords  and  keys  on  a  microchip. 

If  a  second  battery  is  used  the  notebook  can  last  for  as  many  as  9.75  hours, 
Fujitsu  says.  The  company  added  an  ECO  button,  which  when  pressed  reduces 
power  consumption  for  the  notebook’s  components  by  disabling  the  optical  disk 
drive  and  reducing  the  brightness  on  the  display. The  system  also  includes  a  hard 
disk  drive  protection  system  that  retracts  the  hard  drive  head  if  sudden  movement 
or  vibrations  are  detected. 


The  Fujitsu 
LifeBook  P7230 
weighs  less  than 
3  pounds. 


Alienware  launches  quad-core  workstation 

If  power  is  more  your  thing,  Alienware  has  some  new  workstations  to  look  at.The 
company  has  launched  its  first  workstation  that  features  quad-core  Intel  Xeon  pro¬ 
cessing,  the  MJ-12  8550i.  Alienware  says  the  85501  is  the  first  in  its  series  of  work¬ 
stations  coming  in  the  first  quarter  of  this  year.  Pricing  starts  at  $2,500. 

The  workstation  is  designed  for  creative  professionals,  such  as  CAD  engineers 
and  digital  content  creators,  promising  50%  greater  performance  than  previous- 
generation  Intel  Xeon  processors,  Alienware  says.  The  8550i  is  available  with  as 
many  as  four  15,000  RPM  serial  attached  SCSI  hard  drives,  as  much  as  16GB  of 
memory,  and  NVIDIA  Quadro  FX  and  ATI  FireGL  graphics  options. 

Imation  adds  encryption  to  USB  flash  drive 

Imation  recently  enhanced  its  USB  flash  drive 
line  with  additional  security  features.  The 
Imation  Pivot  Flash  Drive  ($20  to  $120, 
depending  on  capacity)  now  includes  an 
upgrade  to  256-bit  AES  encryption.  The  com¬ 
pany  also  says  its  Imation  Clip  Flash  Drive  ($15 
to  $100,  depending  on  capacity)  supports  as  much 
as  4GB  of  storage  space. 

The  Pivot  Flash  Drive  includes  a  jackknife  design,  rubber¬ 
ized  casing  and  password  protection  features  (as  well  as  up  to 
4GB  in  capacity).  Current  Pivot  Flash  Drive  users  can 
upgrade  from  128-bit  encryption  to  the  new  256-bit  encryp-  p:unt  ciacu 

lion  at  the  Imation  Web  site.  5  t"atu7eS  256 

bit  AES  encryption. 

Shaw  can  be  reached  at  kshaw@nww.com.  Catch  a  new 
Cool  Tools  Video  Show  every  Thursday,  and  listen  to  the  Twisted  Pair  podcast  every 
Friday  at  www.networkworld.com. 
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Innovation,  Intertwined. 
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Study  provides 
insight  into  hacks 

Anew  study  by  the  University  of  Maryland’s  A.  James 
Clark  School  of  Engineering  shows  the  Internet  wilds 
are  still  teeming  with  hordes  of  good  old-fashioned 
brute-force  attacks  and  quantifies  how  frequently  machines 
are  attacked  and  the  methods  used. 

Michel  Cukier,  Clark  School  assistant  professor  of  mechani¬ 
cal  engineering  and  an  affiliate  of  the  Clark  School’s  Center 
for  Risk  and  Reliability  and  Institute  for  Systems  Research, 
deployed  four  Linux  systems  with  “weak  security”  on  the 
Internet  and  sat  back  to  watch. 

Not  surprisingly  the  attacks  came  fast  and  furiously  —  aver¬ 
aging  one  every  39  seconds,  or  2,244  attacks  per  day 
“The  majority  of  attacks  came  from  relatively  unsophisti¬ 
cated  hackers  using  dictionary  scripts” . . .  running  through 
“lists  of  common  usernames  and  passwords,”  the  school 
reported.  Analyzing  the  attacks  showed  which  usernames 
and  passwords  were  tried  most  often  and  provided  insight 
into  what  hackers  tried  once  they  gained  entry 
“‘Root’ was  the  top  user  name  guess  by  dictionary  scripts 
—  attempted  12  times  as  often  than  the  second-place 
‘admin,’”  the  school  reported.“Successful  ‘root’ access  would 
open  the  entire  computer  to  the  hacker,  while  ‘admin’  would 
grant  access  to  somewhat  lesser  administrative  privileges. 
Other  top  usernames  in  the  hackers’ scripts  were  test,  guest, 
info,  adm,  mysql,  user,  administrator  and  oracle.” 

The  research  showed  the  most  common  password-guessing 
ploy  involved  playing  off  usernames.“Some  43%  of  all  pass¬ 
word-guessing  attempts  simply  reentered  the  username,”  the 
school  reported.“The  username  followed  by  123  was  the  sec¬ 
ond  most-tried  choice.  Other  common  passwords  attempted 
were  123456, password,  1234, 12345, passwd,  123, test, and  1.” 

Once  inside,  the  hackers  did  what  hackers  do,  in  this 
sequence:  try  to  access  the  systems’ software  configuration, 
change  passwords,  check  the  software  and  hardware  config¬ 
uration  again,  download  a  file,  install  the  downloaded  pro¬ 
gram,  and  then  run  it. 

The  scripts  returned  a  list  of  other  systems  the  hackers 
might  be  able  to  access,  and  the  hackers  then  busied  them¬ 
selves  with  that  task,  often  installing  backdoors  so  the  com¬ 
promised  machines  could  be  used  in  botnets. 

The  study  concluded  with  the  obvious,  but  it  is  always 
worth  repeating: “Computer  users  should  avoid  all  of  the 
usernames  and  passwords  identified  in  the  research  and 
choose  longer,  more  difficult  and  less  obvious  passwords 
with  combinations  of  upper  and  lowercase  letters  and  num¬ 
bers  that  are  not  open  to  brute-force  dictionary  attacks.” 

Security  is  a  people,  process  and  technology  problem  and 
the  weakest  link  in  the  chain  are  the  people.  Putting  in  place 
stronger  password  requirements  could  save  some  agony 


Onimons 


Time  for  a  change 

“Earlier  daylight-saving  start  costing  IT  departments 
time”  (www.nwdocfinder.com/7250)  contains 
quotes  from  two  CIOs  that  give  the  impression  that 
if  you  rely  on  time  servers,  the  daylight-saving  time 
change  will  not  be  a  major  issue.  Network  Time 
Protocol  specifications  and  every  time  service  that 
I’m  aware  of  use  Coordinated  Universal  Time  (UTC) 
as  the  time  source  and  rely  on  the  local  host  to 
apply  an  offset  based  on  time  zone/daylight-saving 
time  to  calculate  local  time. Thus,  a  machine  that 
syncs  to  an  external  time  server  but  hasn’t  been 
updated  for  the  new  daylight-saving  time  rules  will 
still  be  applying  the  wrong  offset  and  be  off  by  an 
hour.  Simply  having  an  internal  server  in  most  cases 
won’t  mitigate  the  problem  because  most  sync  to 
an  outside  UTC  source. 

Rather  than  help  with  the  problem,  time  servers 
syncing  hosts  that  have  not  had  their  daylight-sav¬ 
ing  time  information  updated  may  exacerbate  the 
issue.  A  user  coming  to  work  Monday  morning, 
March  12,  to  an  unpatched  computer  will  find  the 
time  hasn’t  been  updated  on  his  system  and  will 
likely  try  to  reset  it  to  the  correct  time.  When  that 
computer  syncs  with  the  time  server,  it  will  find  it’s 
off  by  an  hour  and  will  be  reset  back  to  the  incor¬ 
rect  time.  If  you  have  an  application  that  relies  on 
accurate  local  time  information,  this  would  be  a 
very  bad  Monday. 

The  daylight-saving  time  change  should  be  on 
every  reader’s  radar  screen  due  to  the  potential  dis¬ 
ruption  it  may  cause, and  it’s  important  that  you  high¬ 
light  this  time-server  misconception  in  the  story 

Glen  Drager 
Network  administrator 
Tyrone  Area  School  District 
Tyrone,  Pa. 


The  CIO  quoted  in  your  story  on  daylight-saving 
changes  contends  that  if  you’re  using  something 
that’s  tied  externally  to  a  network  time  server,  then 
who  cares  about  daylight-saving  time  changes  be¬ 
cause  the  network  time  servers  are  going  to  be  up¬ 
dated  anyway 

Network  Time  Protocol  (NTP)  is  the  dominant 
time  protocol  in  use  today  and  distributes  time 
updates  using  Coordinated  Universal  Time.  It  is  the 
responsibility  of  each  NTP  client  to  adjust  this  for  a 
particular  time  zone  and  daylight-saving  time. 
Using  NTP  does  not  by  any  means  solve  the  day¬ 
light-saving  time  rule-change  problem. 

Jeff  Davis 
Project  specialist,  lead 
Howmet  Castings 
Whitehall,  Mich. 

Telecommuting  not  a  career  killer 

“Telecommute.  Kill  a  career?”  (www.nwdocfinder. 
com/7251):  contains  a  big  dose  of  “Who  me,  a  tele¬ 
commuter?  No  way!”  Yet  these  people  are  probably 
100%  mobile  workers  in  mid-  to  senior-level  exec¬ 
utive  positions  and  if  so,  they  have  advanced 
while  time-shifting  their  commutes  and/or  being 
flexible/mobile/teleworking  employees. 

At  presentations  I  like  to  ask  the  audience, “How 
many  of  you  telework  or  telecommute?”  Not  an 
arm  stirs.  But  a  forest  of  hands  goes  up  when  I  ask, 
“How  many  of  you  work  at  home  in  the  evening,  at 
weekends  or  while  you  are  traveling?” 

John  Edwards 
Chairman 
The  Telework  Coalition 
Potomac  Falls, Va. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


*§f|M  Readers  respond  Find  out  what  readers  are  saying  about  these  and  other  topics. 
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—  John  Dix 
Editor  in  chief 
jdix@nww.com 
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THE  POWER 


PART  2:  REMOTE  REPLICATION  FOR  DISASTER 

RECOVERY  PROTECTION 


When  organizations  consider  adding  disk 
to  their  backup  process,  one  of  the 
issues  they  need  to  address  directly  is 
the  fact  that  conventional  disk  backup 
makes  it  difficult  to  protect  data  against  site  loss  or 
other  local  threats.  No  matter  how  much  RAID 
protection  and  system-level  redundancy  is  put  in 
place,  without  sound  disaster  recovery  processes, 
viruses,  natural  disasters,  malicious  destruction,  or  a 
variety  of  other  site-based  events  can  create  critical 
data  loss  that  can  be  disastrous  for  businesses  and 
their  customers. 


data  de-duplication  appliance,  they  never  have  to 
send  another  copy  of  the  block  again. 

Since  a  large  percentage  of  backup  data  is  made  up 
of  redundant  blocks,  the  amount  of  bandwidth 
needed  to  replicate  data  sets  is  dramatically  reduced. 
Now  users  can  replicate  backup  data  sets  easily, 
quickly,  and  securely  over  existing  WANs  to  create 
disaster  recovery  copies  of  backup  data  in  different 
locations.  The  result  is  better  protection,  more 
recovery  points,  reduced  media  handling,  and  lower 
management  costs. 


“With  hardware  compression, 
asynchronous  replication,  and 
onboard  monitoring  and  diagnostic 
tools,  Quantum’s  got  a  powerful 
message” 

Heidi  Biggar,  an  analyst 

with  the  Enterprise  Strategy  Group. 


SUPPORTING  YOUR  INVESTMENT 

Quantum's  DXi-Series  appliances  represent  a  major 
step  forward  in  making  disk  backup  and  remote 
replication  easily  deployed  and  practical  parts  of  a 
comprehensive  data  protection  strategy.  However, 
protecting  critical  data  in  distributed  sites  often 
requires  a  combination  of  approaches  and 
technologies.  The  right  solution  depends  on 
data  volume  and  types,  recovery  objectives,  time 
constraints,  budgets  and  long  term  retention 
policies. 

As  the  leading  global  supplier  of  backup,  recovery, 
and  archive  solutions,  Quantum  offers  a  full  line  of 
backup  solutions,  and  a  team  of  technical  advisors 
to  help  users  make  the  right  choice  for  their 
environment.  All  of  our  solutions — whether  they 
are  based  on  disk,  replication,  tape  or  a 
combination  of  technologies — are  supported  by 
Quantum's  innovative  StorageCare™  Guardian 
technology  and  the  industry's  premier  global 
service  organization  dedicated  to  backup,  recovery, 
and  archive. 


Remote  replication  of  backup  data  has  been 
proposed  as  a  solution  in  the  past,  but  in  fact  the 
amount  of  backup  data  and  the  cost  of  bandwidth 
have  prevented  it  from  being  a  viable  solution  -  that 
is  until  now.  Data  de-duplication  technology  is 
changing  the  equation  by  applying  the  same  kind 
of  power  to  replication  that  it  provides  for  storing 
backup  data  on  disk. 

When  de-duplication  is  applied  to  remote  replication, 
the  power  of  WANs  to  move  backup  data  is 
increased  by  10  to  50  times.  The  result  is  that 
replication,  and  disk  backup,  can 
dramatically  increase  their  roles 
in  the  data  protection  process. 


A  WINNING  COMBINATION  OF 
TECHNOLOGIES 

Data  de-duplication  works  at  a 
block  level  to  find  and  eliminate 
redundant  data.  When  a  backup 
device  that  uses  data  de- 
duplication  technology  sees  a 
repeated  block  of  data,  it  stores 
a  pointer  instead  of  storing  the 
block  again.  A  backup  appliance 
with  remote  replication  software 
capabilities  extends  the  same 
approach  —  once  users  have 
moved  a  copy  of  a  block  to  a 
second  site  and  stored  it  on  a 


Remote  Office  C 


Quantum's  replication  technology,  available  in  the 
DXi-Series  of  disk  backup  appliances,  is  extremely 
flexible  -  any  appliance  can  replicate  data  to  any 
other  model,  and  multiple  appliances  can  replicate 
data  to  a  central  location. 

The  Quantum  DXi-Series  allows  users  to  combine 
disk,  replication  and  tape  for  an  optimal  combination 
of  performance,  simplicity,  and  security.  With 
Quantum's  disk-based  backup  appliances,  users  no 
longer  have  to  compromise  on  disaster  recovery 
protection. 


Users  can  transmit  data  from  a  single  site  or  multiple  sites  to  a  central 
location  over  existing  WANs  for  automated  disaster  recovery  protection. 


Interested  in  learning  more  about  how  data  de- 
duplication  can  help  improve  your  backup?  Contact 
Quantum  today  at  800-677-6268.  Our  team  of 
technical  advisors  can  help  you  make  the  right  choice 
for  your  environment. 

To  read  Part  1:  Advanced  Data  De-Duplication, 
visit  us  at  www.quantum.com/DXi 

enter  code:  ADV151 


Quantum 


Backup.  Recovery.  Archive.  It's  What  We  Do. 


©  2007  Quantum  Corporation.  All  rights  reserved. 


Mgmt.  wares  that  fit  the  bill 
but  don’t  break  the  bank 

IpMomtor  gets  top  billing  among  formidable  competition 

BY  BARRY  NANCE,  NETWORK  WORLD  LAB  ALLIANCE 

If  you  despair  because  good  network  management  and  monitoring  tools 
can  eclipse  your  company’s  total  annual  revenue,  take  heart.  In  this  Clear 
Choice  test  of  seven  entry-level  network  monitoring  and  management  offer¬ 
ings,  we  found  these  tools  feature-rich,  mature,  reliable,  easy  to  use,  able  to 
monitor  a  diverse  network  and  affordable  (for  this  test,  that  means  the  start¬ 
ing  price  is  less  than  $1,500). 


For  any  size  network,  the  ideal  management  and  moni¬ 
toring  tool  efficiently  and  accurately  discovers  servers, 
clients,  routers,  switches  and  other  devices.  It  revealingly 
displays  a  map  of  the  discovered  nodes,  it  faithfully  checks 
for  connectivity  problems  and  it  accurately  notices 
performance  problems  such  as  excessive  network  utiliza¬ 
tion  or  an  overburdened  server.  It  alerts  you  to  these  prob¬ 
lems  and  takes  escalation  actions  until  the  problem  is 
fixed.  It  can  in  some  cases  automatically  solve  a  problem 
by  restarting  a  program,  running  a  script  or  running  an 
external  program.  It  produces  useful  reports  that  show  the 
health  of  your  network,  measure  the  utilization  of  the  net¬ 
work  and  forecast  trends  to  help  you  plan  the  network’s 


future  capacities.  The  ideal  monitoring  tool  is  reliable, 
secure  and  easy  to  use. 

These  are  the  ideal  criteria  against  which  we  measured 
products  from  the  seven  vendors  that  participated  in  this 
test  (see“How  we  did  it” at  www.nwdocfinder.com/7321). In 
our  lab,  we  tested  AdventNet’s  OpManager,  Avocent  s  LAN- 
Desk  Server  Manager,  Dartware’s  Intermapper,  Fluke’s  Net- 
Tool  Inline  Network  Tester  and  LinkRunner  Network  Multi- 
Meter,  Heroix’s  Longitude,  ipMonitor’s  ipMonitor,  and  Neon 
Softwares  LANsurveyor  and  CyberGauge. 

While  all  these  tools  showed  their  mettle,  maturity  and 
merit  in  our  tests,  ipMonitor  edged  out  the  competition  for 
the  Clear  Choice  Award  by  virtue  of  its  accurate  discovery 


The  blurred  lines  of  network  monitoring 

When  it  makes  sense  to  pay  more  for  management  tools 


fhy  would  a  company  of  any  size  spend  $50,000, 
$100,000  or  more  on  HP's  Network  Node 
Manager,  Alcatel-Lucent’s  VitalSuite,  CA’s 
eHealth  or  Spectrum,  IBM's  (formerly  Micromuse's) 
NetCool,  Argent's  Guardian  or  other  products  if  the 
entry-level  products  we  tested  are  so  capable?  There 
are  a  few  reasons  why. 

«  Sophistication  — Their  complexity  lets  the  expen¬ 
sive  iools  monitor  networks  more  accurately,  For 
instance,  you  can  avoid  more  false  alarms  with  the 
expensive  products  because  you  can  set  sophisticated 
thresholds:  "Alert  me  if  Link  X's  utilization  exceeds  5% 
on  Saturdays  and  Sundays,  20%  after  8  p.m.  during  the 
week,  50%  during  weekdays  or  75%  at  10  a.m.  and  2 
p  n i  on  weekdays."  The  expensive  products  are  also 
isuaily  quite  good  at  performing  root-cause  analysis. 


mm 


•  Scalability  — The  expensive  products  typically 
have  a  distributed,  n-tier  architecture  that  helps 
them  scale  upwards  to  handle  100,000  or  more  net¬ 
work  nodes. 

•  Integration  — The  expensive  tools  integrate  well 
with  third-party  software  and  even  with  each  other. 
For  instance,  both  CA's  eHealth  and  Spectrum  prod¬ 
ucts  integrate  with  CA’s  network  documentation 
tool,  netViz. 

•  Specific  device  support  —  Understanding  the 
Babel  of  languages  emitted  by  a  widely  heteroge¬ 
neous  collection  of  network  devices  is  another  forte 
of  the  expensive  tools.  CA's  eHealth,  for  instance,  is 
an  absolute  polyglot  that  ships  with  more  than  1,000 
Management  Information  Bases. 

—  Barry  Nance 


IpMonitor  won  our  Clear  Choice  award  for  its  ability  to  moni¬ 
tor  systems  on  the  network  accurately.  For  servers,  ipMonitor 
shows  such  metrics  as  uptime;  bandwidth,  CPU  and  memory 
use;  and  response  times. 

process,  pervasive  device  and  application  monitoring,  abil¬ 
ity  to  fix  some  problems  automatically  ease  of  use  and 
good  security  Heroix  Longitude  battled  ipMonitor  neck- 
and-neck  with  a  wealth  of  features,  including  support  for 
highly  diverse  networks,  superior  service-level  agreement 
(SLA)  tracking,  ease  of  use  and  well-designed  reports. 

IpMonitor 

IpMonitor,  which  costs  $995  for  500  monitored  elements 
and  can  run  on  various  flavors  of  Windows  (XP2000  and 
2003),  keeps  watch  over  devices,  applications,  databases 
and  servers.  It  recognizes  and  monitors  Windows  servers 
(NT,  2000,  XP  2003),  Microsoft  Exchange,  Microsoft  SQL 
Server  and  Oracle  database  servers,  Dell  and  HP  physical 
servers,  Cisco  routers,  Foundry  Networks  switches,  APC 
back-up  power  protection  systems  and  even  NetBotz  envi¬ 
ronmental  monitors.  The  protocols  it  monitors  are  HTTP 
Secure-HTTP  FTP  POP3,  1MAP4,  ICMP/ping,  SNMP 
HTML/ASP  SMTP  DNS,  Lotus  Notes,  Lightweight  Directory 
Access  Protocol,  RADIUS, Telnet  and  SNPP 

IpMonitor  quickly  and  accurately  scans  a  network  to  dis¬ 
cover  applications,  servers,  devices  and  services  on  part  or 
all  of  a  network.  IpMonitor  groups  the  results  by  IP  address 
or  domain  name,  and  it  helpfully  suggests  what  to  monitor 
more  closely  based  on  its  findings  during  the  scan. 

While  it  keeps  a  close  eye  on  all  these  network  compo¬ 
nents,  if  your  network  is  primarily  Windows-based  and  you 
want  to  watch  closely  for  client  and  server  connectivity 
problems,  Windows  application  issues  and  operating  sys¬ 
tem  faults,  ipMonitor  is  the  tool  of  choice.  It  tracks  Windows 
Services,  event  log  entries,  free  disk  space,  Active  Directory, 
and  Kerberos  and  specific  key  files  that  you  designate. 

See  Network  management,  page  32 
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Turns  out  that  "pet-friendly”  also  means  "server-hostile 
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E-mail  system  protection.  No  matter  what  happens 


Whether  it's  malware,  auditors,  policy 
requirements,  power  outages,  or  something  completely  unforeseeable  that  has  you  working  late, 
Microsoft®  Exchange  Hosted  Services  can  help  free  you  from  these  distractions.  When  you  use 
Microsoft's  enterprise-class  hosted  services,  you  task  us  with  achieving  the  advanced  level  of  security, 
compliance,  and  availability  your  business  requires.  With  no  hardware  or  software  to  install,  these 
services  are  easy  to  deploy,  manage,  and  maintain— giving  you  more  time  for  what  really  moves  your 
business  forward.  Microsoft  Exchange  Hosted  Services. 


We've  got  your  back. 


_ 


Microsoft 


HostecTServices 
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NetTool  Inline 
Network  Tester  and 
LinkRunner  Network 
MultiMeter 

Product 

1  CLEAR  CHOICE  ip! 

ipMonitor  8.0 

Longitude  4.0 

OpManager  MSP 
Edition 

LANsurveyor  9.6  and 
CyberGauge  7.0 

Intermapper  4.5 

LANDesk  Server 
Manager  8.7 

Vendor 

ipMonitor 

www.ipmonitor.com 

Heroix 

www.heroix.com 

AdventNet 

www.adventnet.com 

Neon  Software 

www.neon.com 

Dartware 

www.dartware.com 

LANDesk  Software 
(an  Avocent 
company) 

www.landesk.com 

Fluke  Networks 

www.flukenetworks 

.com 

Price 

Starts  at  $995. 

Starts  at  $299. 

Starts  at  $795. 

LANsurveyor  starts 
at  $795;  CyberGauge 
starts  at  $395  for  five 
devices. 

Monitors  100  devices 

for  $1,400. 

$129  per  server  node. 

NetTool  Inline  Net- 
workTester  is  $995; 
LinkRunner  Network 
MultiMeter  is  $450. 

Pros 

Accurate  discovery; 
monitors  diverse  set 
of  devices  and  appli¬ 
cations;  provides 
flexible  notifications; 
offers  security 
parameters. 

Provides  service- 
level-agreement 
monitoring  features; 
very  easy  to  use; 
offers  excellent 
remote  instrumen¬ 
tation  techniques. 

Offers  detailed 
network  maps; 
provides  pervasive 
and  comprehensive 
monitoring;  strong 
alert  escalation. 

Offers  strong 
network  discovery 
and  alerting. 

Provides  strong 
network  mapping 
and  supports 
monitoring  across  a 
wide  range  of 
platforms. 

Excellent  server 
monitoring;  offers 
some  intrusion-pre¬ 
vention  measures; 
includes  predictive 
failure  analysis;  has 
software  distribution 
capabilities. 

Focuses  on  portable 
cable  and 

connectivity  testings. 

Cons 

Needs  deeper 
monitoring  of  Unix 
platforms. 

Doesn't  monitor 

Lotus  Notes  or 
Lightweight 

Directory  Access 
Protocol  servers. 

Can’t  restart  a  failed 
Windows  Service. 

Agent  component 
should  be  included 
(not  optional);  needs 
to  support  more 
applications. 

No  corrective 
;  actions. 

No  corrective 
actions;  doesn't 
monitor  switches  or 
routers. 

Small  screen;  few 
graphics;  takes  no 
corrective  actions. 

Score 

4.7 

4.6 

3.9 

3.7 

3.5 

3.5 

3.4 

The  Breakdown 

ipMonitor 

Heroix  Longitude 

AdventNet  OpManager 

Neon  LANsurveyor  and 
CyberGauge 

Dartware  Intermapper 

LANDesk  Server  Manager 

Lluke  NetTool  and 
LinkRunner 

Monitoring  20% 

5 

5 

5 

4 

4 

3 

3 

Reporting  20% 

4 

' 

4 

4 

4 

4 

4 

4 

Ease  of  use  20% 

5 

5 

3 

3 

3 

4 

4 

Notifications  20% 

5 

5 

4 

4 

4 

3 

3 

Corrective  actions  10% 

5 

« 

3 

3 

1 

3 

1 

Installation  and 
documentation  10% 

4 

5  4 

4 

4 

4 

5 

Total  score 

4.7 

4.6 

3.9 

3.7 

3.5 

3.5 

3.4 

Scoring  Key:  5:  Exceptional:  4:  Very  good;  3:  Average;  2:  Below  average;  1:  Subpar  or  not  available 
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Check  out  our  LAN/WAN  Management  Buyer's  Guide. 

www.nwdocfinder.com/1082 


Network  management 

continued  from  page  30 

IpMonitor  keeps  tabs  on  Unix-based  servers  via  ICMP/ping 
and  via  the  network  protocol  streams  emitted  by  the  Unix- 
based  servers.  We’d  like  to  see  ipMonitor  add  Unix/Linux 
server  resource  consumption  monitoring  to  its  repertoire. 
The  tool  also  generates  synthetic  transactions  to  “tickle” 
Web,  e-mail,  directory  and  database  servers  to  make  sure 
their  applications  are  up  and  running. 

IpMonitor  has  an  especially  strong  alerting  feature. 
When  the  tool  detects  a  QoS  degradation,  a  particular 
pattern  of  network  traffic,  activity  levels  that  exceed  set- 
table  thresholds  or  a  server  or  application  failure, 
ipMonitor  immediately  lets  you  know  via  e-mail,  pager, 
wireless  device  and  network  message  broadcast. 

To  fix  problems  automatically  ipMonitor  can  run  an  ex¬ 
ternal  program,  reboot  a  server  or  restart  a  service  for  alerts 
you  designate.The  browser-based  Web  interface  is  a  highly 
configurable,  responsive  and  easy  to  navigate  window  into 
ip  Monitor.  Through  it,  tailoring  alert  thresholds  or  making 
other  monitored-element  changes  is  a  breeze. 

its  Live  Status  reports  display  up-to-the-minute  health  of 
servers, applications  and  devices, and  ipMonitor’s  period- 


settable  historical-  and  recent-activity  reveal  trends  and 
detail  such  information  as  uptime,  response  time  and  fail¬ 
ure  durations. 

Security  is  ipMonitor’s  forte.To  ensure  confidentiality  and 
tamper-proof  administration,  it  uses  SSL  certificates,  cre¬ 
dentials,  password-challenge  authentication  methods,  IP 
address  filters  and  delegated  administrative  accounts. 

Longitude 

If  your  network  is  a  bit  more  heterogeneous  and  you 
need  a  monitoring  tool  that  can  handle  diversity  Heroix’s 
Longitude  (which  starts  at  $299  per  monitored  system  and 
can  run  on  Red  Hat  and  SUSE  Linux,  as  well  as  Windows 
Server  2003)  should  be  on  your  shortlist.  Longitude  does  a 
superior  job  of  monitoring  a  wide  range  of  applications 
and  operating  environments.  It  comprehensively  measures 
hundreds  of  operational  metrics  that  it  uses  in  its  alerts, 
reports  and  graphical  charts.  To  help  you  tie  your  business 
functions  to  your  network  activity,  Longitude  gathers  the 
right  user-  and  business-related  metrics,  user-defined  trans¬ 
action  metrics  and  usage  trend  data. 

Longitude  keeps  tabs  on  Windows  Server  2000/2003,  XP 
Red  Hat  Linux,  SUSE  Linux,  Sun  Solaris,  HP  HP-UX  and  IBM 
A1X. Longitude  collects  and  reports  performance  details  for 


Web  servers  (Microsoft  Internet  Information  Server  and 
Apache), databases  (SQL  Server, Oracle  and  MySQL), Java  2 
Platforms  Enterprise  Edition  application  servers  (Web¬ 
Sphere,  WebLogic  and  JBoss),  messaging  environments 
(Exchange  Server  2000  and  2003),  user  transactions  (DNS, 
FTP  HTTP  Ping,  Port,  SMTP),  and  infrastructure  (SNMP 
devices,  Cisco  devices,  Active  Directory  and  DHCP). 

Longitude  is  a  great  SLA  tracker  for  documenting  server 
uptime  and  availability.  The  SLA  feature  can  aggregate 
servers  to  show,  for  instance,  overall  uptime  for  a  group  of 
servers  that  logically  share  a  particular  workload. 

If  one  of  five  related  servers  suffers  downtime  but  the 
other  four  healthy  servers  continue  to  ensure  application 
availability  to  the  business  community,  Longitude  accu¬ 
rately  and  correctly  notes  the  server’s  downtime  on  its 
dashboard  and  in  its  monitoring  reports.  In  addition,  its  SLA 
feature  reports  the  overall  availability  of  the  shared-server 
application  as  “good.” 

When  it  detects  a  problem  with  one  of  the  monitored 
systems,  based  on  threshold  criteria  you’ve  set  up, 
Longitude  uses  its  preconfigured  internal  SMTP  server  to 
send  e-mail  to  the  appropriate  administrators  and/or 
users.  The  e-mail  contains  a  problem  description  along 

See  Network  management  page  34 
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RESTORE  AND  MAINTAIN  PEAK  PERFORMANCE 


Eight  things  you  need  to  know  -  a  special  report 
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Diskeeper’s  interface  shows  fragmentation  levels  and  relative  location  of  all 
the  files  and  folders  on  the  selected  volume. 


As  an  IT  Professional,  you 
know  the  importance  of 
maintaining  system  per¬ 
formance  and  reliability. 
Your  team  is  the  one  called  to  the 
rescue  when  desktops  or  servers 
crash,  slow  down  or  freeze.  Many 
of  these  issues  stem  from  a  single, 
hidden  source:  disk  fragmentation. 

1  Reliability  issues  com¬ 
monly  traced  to  disk 
■  fragmentation:  Crashes 
and  system  hangs/freezes;  slow 
boot  times  and  boot  failures;  slow 
back  up  times  and  aborted 
backup;  file  corruption  and  data 
loss;  errors  in  programs;  cache 
issues;  hard  drive  failures. 

Having  files  stored  contiguously  on 
the  hard  drive  is  a  key  factor  in 
keeping  a  system  stable  and  per¬ 
forming  at  peak  efficiency.  Even  a 
small  amount  of  fragmentation  in 
your  most  used  files  can  lead  to 
crashes,  conflicts  and  errors. 

The  weak  link  in  today’s 
computers:  A  computer 
■  system  is  only  as  fast  as  its 
slowest  component.  The  disk  drive 
is  by  far  the  slowest  of  the  three 
main  components  of  your 
computer:  CPU,  memory  and  disk. 
Even  with  the  fastest  CPU  system 
performance  would  be  affected  by 
disk  fragmentation. 

Is  real-time,  automatic 
defragmentation  needed 
■  in  today’s  environment? 

More  than  ever!  Large  disks,  multi- 
media  files,  applications,  operating 
systems,  system  up-dates,  virus 
signatures  —  all  dramatically 
increase  the  rate  of  fragmentation. 
Fragmentation  increases  the  time 
to  access  files  for  all  common 
system  activities  including  opening 
and  closing  Microsoft®  Word  docu¬ 
ments,  searching  for  emails, 
opening  web  pages  and  perform¬ 
ing  virus  scans.  To  keep  perform¬ 


ance  at  peak,  defragmentation 
must  be  done  daily. 

Increased  server  uptime: 

Fragmentation  can  cripple 
a  server  performance  and 
reliability  resulting  in  downtime 
and  lost  production.  Diskeeper 
can  easily  and  safely  be  used  on 
your  servers  including:  file  and 
print,  web,  domain  controllers, 
SQL,  Exchange,  and  any  other 
database  or  application  servers. 

Virtualization  and  frag¬ 
mentation:  Server  virtual- 

■  ization  can  be  used  to 
reduce  the  number  of  physical 
systems  for  more  efficient  CPU 
utilization.  However,  there  is  a 
downside;  the  disk  subsystem 
must  now  account  for  increased 
disk  I/O.  Disk  fragmentation  is  the 
primary  cause  of  unnecessary  I/O 
overhead.  Automatic  defragmen¬ 
tation  is  more  important  than  ever 
for  maximum  performance. 

Hidden  scheduled 
defragmentation  costs: 

e  Scheduled  defragmenta¬ 
tion  is  not  “free”  —  it  has  heavy 
hidden  costs,  such  as  IT  time  to 
set  and  monitor  defrag  for  every 
system.  This  results  in  either 
staying  after  hours  to  defrag, 
giving  the  users  administrator 
privileges  (not  likely!),  break-fix 
handlings,  or  more  often  no 
defrag  whatsoever. 

How  do  I  find  out  how 
much  fragmentation  I 

■  have?  Download  a  free  trial 
version  of  new  Diskeeper  2007  at: 

www.  diskeeper.  com/analysis8 

Install  it,  select  a  volume,  select 
Analyze  and  view  the  report. 

Advanced,  automated 
defragmentation: 

■  Maintaining  systems  can 
be  a  daunting  task  -  maintenance, 
including  regular  defragmentation, 


must  take  place  regularly  to  keep 
them  running  at  peak  levels. 
However,  with  constant  uptime 
required,  scheduling  such 
processes  to  run  at  the  right  times 
can  be  tricky,  since  while  running 
they  pose  a  considerable  drain  on 
system  resources. 

Diskeeper  2007  marks  the  end  of 
scheduling,  and  the  beginning  of 
REAL  TIME,  on  the  fly  mainte¬ 
nance  of  systems.  Never  again 


worry  about  dips  in  performance 
or  straining  valuable  system 
resources  -  even  when  demand  is 
at  its  absolute  highest! 

Customers  agree  Diskeeper  main¬ 
tains  the  performance  and  reliabil¬ 
ity  of  their  desktops  and  servers, 
reducing  maintenance  and 
increasing  hardware  life. 

Every  system  you  manage  needs 
Diskeeper  for  enhanced  file  system 
performance  —  automatically! 


Diskeeper 


Enhancing  File  System  Performance 

—  Automatically 


Special  Offer 


TM 


2007 


Try  Diskeeper  2007  FREE  for  45  days! 

Download:  www.diskeeper.com/nww8 

(Note:  Special  45-day  trialware  is  only  available  at  the  above  link) 

Volume  licensing  and  Government  /  Education  discounts  are 
available  from  your  favorite  reseller  or  call  800-829-6468  code  9258 

For  test  results,  white  papers  and  case  studies,  visit  http://www.diskeeper.com/nwdocs8 
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Longitude's  statistical  dashboard  reveals  status  and  health 
information  in  the  form  of  configurable  dials,  graphs  and  charts. 

Network  management 

continued  from  page  32 

with  sufficient  detail  to  help  a  network  administrator  fix 
the  problem.  Longitude  also  can  execute  a  program, 
either  locally  or  remotely,  to  help  solve  the  problem. 

Longitude’s  browser-based  user  interface  is  easy  to 
navigate  and  understand.  Longitude  has  thoughtfully 
designed  real-time  dashboards  with  pin-point  drill¬ 
down  capabilities. 

OpManager 

AdventNet’s  OpManager,  which  starts  at  $795  per  server 
and  runs  on  Windows  (2000,  2003  and  XP)  and  Linux 
(Red  Hat  and  Debian)  servers,  is  the  Swiss  army  knife  of 
monitoring  and  management  tools.  It  expansively  and 
comprehensively  monitors  virtually  every  possible  net¬ 
work  nook  and  cranny,  including  WAN  links,  servers, 
switches,  routers,  printers, Windows  Event  log  entries, Web 
site  URLs, TCP/IP  services,  specific  applications, Windows 
Services,  APC  UPS  devices,  network  and  application  per¬ 
formance  and  Active  Directory.  OpManager  includes  a 
Management  Information  Base  (M1B)  browser  for  exam¬ 
ining  MIB  entries  of  SNMP  devices  as  well  as  a  switch  port 
mapper.  It  can  also  issue  trouble  tickets  via  AdventNet’s 
help  desk  product  ServiceDesk  Plus. 

OpManager’s  device  discovery  didn’t  see  one  of  our 
printers  in  one  test  (but  did  see  it  in  a  subsequent  test). 
The  software  groups  discovery  results  onto  neatly  orga¬ 
nized  maps  of  switches,  printers  and  other  devices.  The 
switch  map  displays  the  status  of  each  switch  and  its 
ports.The  router  map  depicts  the  health  of  each  interface. 

OpManager’s  router  monitoring  function  collects  more 
than  25  statistics  from  Cisco  devices.  The  TCP/IP  services 
function  tracks  activity  for  many  common  protocols 
(HTTP FTP SMTP POP3, 1MAPDNS  and  others).  Its  applica¬ 
tion  monitor  babysits  Microsoft  Exchange,  Lotus  Notes, 
MySQL,  Oracle  and  SQL  Server.  It  tells  you  if  a  Windows 
service  has  failed. Tlie  CPU,  memory  and  disk  space  mon¬ 
itoring  function  lets  you  stay  ahead  of  server  capacity 
problems  If  you  have  lots  of  servers,  you’ll  find 
OpManager’s  Top  Ten  view  helpful  —  it  shows  the  busiest 
servers  for  CPU,  memory  and  disk  utilization. 

When  it  detects  a  threshold  violation, OpManager  alerts 
you  via  e-mail  and  pager.  It  can  send  SNMP  traps  to  an¬ 
other  network  management  system  such  as  OpenView, 


and  its  configurable  problem  escalation  rules  ensure  that 
someone  in  your  company  will  learn  that  a  problem  has 
occurred. To  correct  the  problem,  OpManager  can  run  a 
system  command  or  execute  an  external  program. 

OpManager’s  abundance  of  reports  and  graphs  reveal 
every  possible  network  statistic  or  metric. 

LANsurveyor  and  CyberGauge 

If  you  need  to  document  which  computers  and  devices 
are  on  your  network  and  watch  for  intruders  in  addition 
to  monitoring  network  health,  you’ll  want  to  look  into 
Neon  Software’s  LANsurveyor  and  CyberGauge  combina¬ 
tion.  Both  of  these  software  packages  run  on  Windows 
2000,  2003  and  XP  machines,  and  pricing  starts  at  $795 
per  server  for  LANsurveyor  and  $395  for  CyberGauge  for 
five  devices. 

Besides  monitoring  the  availability  of  servers,  applica¬ 
tions,  devices  and  links,  LANsurveyor  automatically  dia¬ 
grams  your  network  and,  via  SNMR  documents  all  the 
devices  on  the  network.  LANsurveyor  options  include 
intruder  detection,  which  identifies  potential  intruders, 
disables  access  for  unauthorized  nodes  and  performs  an 
analysis  to  determine  node  vulnerabilities,  and  a  second 
agent-based  option  called  Neon  Responder  for  remotely 
controlling  Windows,  Macintosh  and  Linux  computers  as 
well  as  saving  LANsurveyor  data  in  a  relational  database. 

When  network  activity  exceeds  a  LANsurveyor  thresh¬ 
old  you’ve  set,  it  sends  e-mail,  Windows  Messaging  alerts 
and  SNMP  traps  (to  OpenView,  for  instance)  to  notify  an 
appropriate  administrator  of  the  problem.  LANsurveyor 
also  can  page  you,  insert  entries  into  a  syslog  and,  for 
problems  susceptible  to  automatic  correction,  let  you 
remotely  launch  a  computer  program.  Rather  smartly, 
LANsurveyor’s  thresholds  are  sophisticated  enough  to  let 
you  specify  that  you  want  to  be  alerted  only  if  available 
bandwidth  falls  below  a  certain  percentage  during  the 
work  day  or  that  alerts  should  be  directed  to  a  separate  set 
of  people  on  the  weekend. 

LANsurveyor’s  discovery  function  is  quick  and  accurate. 
Via  its  Custom  Report  wizard,  LANsurveyor  displays  infor¬ 
mation  on  discovered  nodes,  SNMP  data  retrieved  from 
network  devices,  agent  data  collected  from  Neon  Re¬ 
sponders  and  Session  Initiation  Protocol  VoIP  statistics. 
For  example,  the  Switch/Hub  Ports  Report  is  a  complete 
list  of  all  nodes  connected  to  one  or  more  managed 
switches  or  hubs.You  can  export  report  data  into  Excel. 

As  a  complement  to  LANsurveyor,  CyberGauge  mea¬ 
sures  bandwidth  utilization  and  uses  SNMP  to  monitor 
devices  such  as  routers,  gateways,  network-attached  stor¬ 
age  hardware,  physical  servers,  clients  and  printers.  Cyber- 
Gauge’s  separate  set  of  thresholds,  called  Cascading  Alert 
Limits,  are  just  as  sophisticated  as  LANsurveyor’s  when  it 
comes  to  relating  timeframes  to  network  activity. 

CyberGauge  can  send  e-mail, Windows  Messaging  alerts 
and  SNMP  traps  when  it  detects  an  unresponsive  device 
or  network  overutilization.  Its  reports  show  bandwidth  uti¬ 
lization,  traffic  distribution,  device  availability  statistics 
and  daily,  weekly  and  monthly  QoS,  utilization  and  aver¬ 
age  usage.  You  can  view  CyberGauge’s  reports  as  Web 
pages  or  export  them  as  Excel  worksheets. 

Intermapper 

If  you  like  the  idea  of  a  monitoring  tool  that  displays  a 
meaningful,  easy-to-understand-at-a-single-glance  map  of 
your  network  and  watches  for  connectivity  problems  like 
a  hawk,  then  Dartware’s  Intermapper  is  the  tool  for  you. 

The  Java-based  Intermapper  runs  just  about  everywhere 
and  costs  $1,400  to  monitor  100  devices. 

Intermapper  uses  SNMP  to  monitor  device  connectivity 
and  uses  synthetic  transactions  to  monitor  e-mail,  Web 
and  directory  server  availability.  It  ensures  particular 


Windows  Services  (such  as  RPC,  WinLogon,  Indexer  and 
others)  are  running,  can  promptly  alert  you  via  e-mail  or 
pager  when  problems  occur,  is  easy  to  use  and  produces 
highly  useful  reports. 

In  our  tests,  Intermapper  probed  the  network  and  accu¬ 
rately  discovered  devices  (routers,  switches  and  hubs), 
servers  and  clients.  It  also  used  SNMP  to  poll  these  devices 
to  collect  traffic  and  error  statistics.  It  displayed  an  active, 
real-time  map  of  the  network’s  elements,  and  with  different 
colors  to  depict  distinct  traffic  flows  through  the  network. 

When  it  detects  an  outage  or  a  performance  problem, 
Intermapper  will  e-mail  or  page  you.  Its  useful  reports, 
which  contain  a  wealth  of  detail  about  traffic,  errors,  uti¬ 
lization  and  outages,  include  what  Dartware  has  termed 
Status  Windows,  Strip  Charts  and  Device  Lists.  For  exam¬ 
ple,  the  Status  Window  report  for  an  interface  shows  trans¬ 
mit/receive  statistics,  utilization  rates,  device  name,  link 
type,  link  description,  link  status,  IP  address  and  media 
access  control  (MAC)  address.  For  spotting  trends, 
Intermapper  graphs  network  daily,  weekly,  monthly  and 
yearly  intervals  to  show  the  performance  history  of  a 
device  or  connection. These  graphs  display  percent  uti¬ 
lization,  error  counts,  packet  counts  and  byte  counts. 

Unfortunately,  Intermapper  doesn’t  take  corrective 
actions  for  the  problems  it  notes.  Its  user  interface  is 
thoughtfully  designed  and  intuitive,  but  it’s  not  as  respon¬ 
sive  as  a  native  (non-Java)  interface  would  be.  Intermapper 
doesn’t  need  to  use  distributed  agents  to  collect  data. 

LANDesk  Server  Manager 

LANDesk  Server  Manager  focuses  tightly  on  the  heart  of 
your  network  —  its  servers. Server  Manager,  which  runs  on 
HP-UX, SUSE,  Red  Hat  Linux  and  Windows  (2000,2003  and 
XP),  monitors  servers  and  their  applications,  tracks  your 
software  licenses  and  automates  the  deployment  of  new 
software  versions,  updates  and  patches. 

Server  Manager’s  monitoring  function  uses  a  customiz¬ 
able  browser-based  dashboard  to  quickly  and  accurately 
show  you  what’s  running  in  your  servers  —  and  what’s  not. 
Whether  sitting  in-  or  out-of-band  (through  the  existing 
network  or  a  separate  link  you  establish)  Server  Manager 
displays  a  wealth  of  information  about  each  server.  Its  cor¬ 
rective  action  feature  is  a  function  that  lets  you  remotely 
repair  a  server  configuration.  Server  Manager’s  firewall- 
friendly  remote  agents  collect  server  performance  data  via 
CIM,  WMI,  SMBIOS,  WBEM  and  WfM,  and  Server  Manager 
can  examine  log  files  for  unusual  events.You  have  to  install 
the  agents  on  every  monitored  server,  but  once  in  place, 
they  work  well  and  unobtrusively 

Server  Manager’s  predictive  failure  analysis  feature  looks 
at  historical  trends  and  real-time  error  situations  to  help 
you  understand  the  scope  and  cause  of  server  problems. 
Server  Manager’s  reports  are  excellent  for  showing  detail 
on  server  health  and  identifying  server  utilization  trends. 

Server  Manager  includes  a  host-based  intrusion-detec¬ 
tion  feature,  which  LANDesk  terms  integrated  active  vul¬ 
nerability  scanning,  to  alert  you  to  security  problems.  To 
further  enhance  security  as  well  as  licensing  agreements, 
Server  Manager  monitors  software  license  activity  and 
can  deny  the  execution  of  unauthorized  computer  pro- 
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grams.  Server  Manager  acts  as  a 
central  repository  for  the  distrib¬ 
ution  of  application  changes  and 
even  whole  operating  system 
deployments. 

NetTool  and  LinkRunner 

Do  your  network’s  cables  and 
connections  give  you  head¬ 
aches?  If  so,  the  handheld  Net- 
Tool  and  LinkRunner  testers 
from  Fluke  belong  in  your  net¬ 
work  management  toolbox. 
Fluke  offers  four  versions  of  the 
NetTool  Series  11  Inline  Network 
Tester,  from  the  top-of-the-line 
NetTool  Series  II  Pro  VoIP  to  the 
entry-level  NetTool  10/100.  The 
Pro  versions  contain  more  net¬ 
work  diagnostic  tests,  and  the 
VoIP  versions  can  test  office 
phone  connections.  The  Pro 
VoIP  tester  that  Fluke  sent  us 
was  especially  handy  for  verify¬ 
ing  and  troubleshooting  our 
VoIP  links. 

Connecting  a  NetTool  tester 
between  a  device  and  its  net¬ 
work  cable  gives  you  an  excel¬ 
lent  view  of  traffic  running  to 
and  from  that  device.  For  in¬ 
stance,  the  NetTool  tester  shows 
which  protocols  are  in  use  along 
with  frame  counts  and  error 
counts, and  the  tester  gives  you  a 
precise  and  detailed  condition 
report  on  the  cable,  including  its 
length  and  internal  wiring  in¬ 
tegrity.  The  unit’s  alerts  show  up 
as  highlighted  warning  and 
error  messages. 

In  our  lab’s  VoIP  environment, 
the  NetTool  tester  divulged  key 
boot  events  such  as  DHCP  ad¬ 
dress  acquisition,  DNS  lookup  of 
call  servers  and  gateways,  down¬ 
loading  of  operating  files  and 
call  server  registration.  NetTool’s 
VoIP  Log  showed  call  control 
events,  QoS  configuration,  call 
quality  metrics,  RTP  configura¬ 
tion  (including  IP  addresses  and 
ports  used),  virtual  LAN  priority, 
Diff-Serv,  codec  and  quality  met¬ 
rics  such  as  jitter  and  dropped 
packets. 

The  NetTool  quantifies  Power 
over  Ethernet  and,  via  digital  sig¬ 
naling,  helps  locate  specific 
cables  on  an  active  network.  The 
handheld  unit’s  small  but  well- 
designed  display  of  MAC  and  IP 
addresses,  subnets  and  services 
offered  by  active  servers,  routers 
and  printers  makes  it  a  quick, 
portable  tool  for  spotting  avail¬ 
able  network  resources.  The  Net- 
Tool  Pro  and  VoIP  models’  report¬ 
ing  capabilities  consist  of  up¬ 
loading  data  to  a  PC  for  further 


manipulation  in,  say,  a  spread¬ 
sheet  program. 

The  much  simpler  LinkRunner 
Network  Multimeter  (which  costs 
$395)  is  a  cable  tester  that  can 
verify  a  cables  condition  as  well 
as  show  the  speed,  duplex  setting 
and  service  type  for  an  in-use 
cable.  It  can  ping  nodes,  and  the 


LinkRunner  can  help  you  iden¬ 
tify  which  cables  go  where  for 
documentation  purposes. 

Conclusion 

We  found  all  seven  product 
combinations  mature,  feature- 
rich,  robust,  useful  and  afford¬ 
able.  However,  each  one  is  built 


to  hone  in  on  particular  network 
and  server  issues  that  make  it 
appropriate  for  solving  certain 
problems  or  monitoring  certain 
kinds  of  networks. 

Overall,  ipMonitor  gave  us  the 
best  mix  of  discovery,  monitoring 
of  diverse  devices  and  applica¬ 
tions,  flexible  notifications,  useful 


reports  and  ease  of  use.  It’s  our 
all-around  winner. 

Nance  runs  Network  Testing 
Labs  and  is  the  author  of 
Introduction  to  Networking,  4th 
Edition  and  Client/Server  LAN 
Programming.  He  can  be  reached 
at  barryn@erols.com 
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ADVERTISING  FEATURE 

In  Their 

s 

Vendor  Solutions  for  Your  IT  Challenges 


COMPANY:  Sandstorm  Enterprises,  Inc. 

OVERVIEW:  Sandstorm  Enterprises  produces  a  set 
of  network  monitoring,  network  forensics  analysis,  and 
security  auditing  products  that  include  PhoneSweep, 
Netlntercept,  Sandtrap,  and  LANWatch.  Sandstorm  has 
been  dedicated  to  making  reliable,  practical,  and  innova¬ 
tive  software  since  1 998. 

CHALLENGE:  In  December  2006,  the  Rules  of  Federal 
Civil  Procedure  were  amended  to  cover  electronic  discov¬ 
ery  issues. The  current  electronic  discovery  process  can 
be  quite  time-consuming,  and  so  many  companies  are 
investing  in  solutions  for  tracking,  archiving,  and  search¬ 
ing  electronic  data,  since  access  to  that  information  might 
be  required  during  the  course  of  an  investigation. 

SOLUTION:  Continuous  capture,  monitoring,  and 
analysis  of  network  traffic  preserves  a  record  of  elec¬ 
tronic  data  traveling  over  your  networks.  When  you  have 
captured  and  archived  network  traffic,  the  data  becomes 
much  more  accessible,  and  electronic  discovery  can 
happen  at  a  time  and  place  of  your  choosing.  The  prob¬ 
lem  becomes: "Flow  to  find  the  interesting  data  hiding 
in  all  that  traffic?" 

Netlntercept  can  quickly  pinpoint  items  of  interest  in 
network  traffic.  It  analyzes  and  reports  on  your  captured 
data,  reconstructs  sessions  between  machines  on  the 
monitored  network,  and  monitors  your  organization's 
compliance  with  network  usage  restrictions  during  the 
discovery  process.  Furthermore,  the  analysis  process 
does  not  alter  the  captured  data,  so  it  is  available  to  be 
examined  or  reanalyzed  at  need. 

Netlntercept  analyzes  up  to  999,999  sessions  at  once, 
saving  session  data  and  reconstructing  files  sent  over 
the  network.  Afterwards,  many  types  of  data  are  avail¬ 
able,  from  actions  taken  from  a  single  workstation,  to 
overviews  of  all  network  activity  for  a  group  of  users,  to 
searches  for  "hot  button"  words  and  phrases,  to  reports 
on  the  analyzed  data. 

Producing  information  in  response  to  an  electronic 
discovery  request  is  often  a  burden  in  terms  of  time  and 
money.  Your  access  to  the  archived,  analyzed  data  can 
make  the  difference  between  ten  minutes  and  ten  days 
worth  of  productive  employee  time  lost  to  electronic  dis¬ 
covery  efforts.  With  Netlntercept,  you  can  easily  discover 
what  you  have,  and  lower  your  costs  for  electronic  dis¬ 
covery  should  your  company  ever  be  named  in  a  lawsuit. 

For  more  information,  download  the  Netlntercept  demo 
at:  www.sandstorm.net/products/netintercept/request- 

demo.php?itw207 

781-333-3200 

www.sandstorm.net 
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Keeping  blade  servers  fast 
cool  and  compact 


BY  JENNIFER  MEARS 

It’s  safe  to  say  were  past  the  hype  when  it  comes  to 
blade  servers.Today,  blade  servers  are  a  reasonable  option 
for  organizations  that  want  to  make  efficient  use  of  their 
data  center  space. 

But  with  processing  power  growing  fast,  blade  servers  — 
and  traditional  rack  mount  servers,  for  that  matter  —  may 
soon  find  they  don’t  have  the  I/O  capabilities  to  keep  up. 
We  can  talk  about  I/O  issues  more  generally  in  another 
newsletter,  but  for  this  one  1  want  to  focus  on  blade 
servers  specifically 

Today  x86  processors  are  getting  more  powerful  and 
organizations  are  opting  to  slice  up  the  physical  x86  sys¬ 
tems  into  multiple  virtual  machines  to  get  the  most  effi¬ 
cient  use  of  CPU  power. This  is  especially  true  on  blades, 
which  are  a  prime  target  for  virtual  workloads.The  trouble 
is  that  as  more  applications  are  put  on  single  physical 
blades,  the  ability  to  move  data  in  and  out  of  the  systems 
can  end  up  being  a  hang-up. 

Vendors  are  addressing  the  issue.  IBM,  for  example,  last 
year  introduced  10G  Ethernet  support  for  its  BladeCenter 
systems. 

This  month,  Blade  Network  Technologies,  a  spin-out  of 
Nortel,  says  it  will  have  the  first  10G  Ethernet  switch  for 
blades.  The  20-port  Layer  2-3  10G  switch  is  expected  to 
ship  from  IBM  for  its  BladeCenter  H  in  coming  weeks.The 
device  provides  six  10G  uplinks  and  14  downlink  con¬ 
nections  to  individual  blade  servers,  the  company  says. 
The  switch  is  priced  at  just  less  than  $9,800. 

“With  processors  becoming  so  powerful,  people  are 


“Now  you’re  getting  native  10G 
bandwidth  to  every  physical 
server,  which  means  . . .  you  are 
getting  a  lot  more  bandwidth 
than  customers  would  have.” 

Vikram  Mehta ,  president  and  CEO,  Blade  Networks 


looking  to  XenSource  and  to  technologies  like  VMware  to 
be  able  to  carve  up  their  physical  machines  into  multiple 
virtual  machines,  and  as  they  do  that  one  of  the  things 
that  becomes  a  bottleneck  is  the  network  bandwidth  that 
you  can  get  to  every  individual  server  blade,”  says  Vikram 
Mehta,  Blade  Network’s  president  and  CEO. 

With  today’s  2G  or  3GB  connections  there  is  a  limit  to 
how  much  bandwidth  is  accessible  to  each  virtual 
workload.  “What  has  changed  with  [our  announce¬ 
ment]  is  you’re  now  getting  native  10G  bandwidth  to 
every  physical  server,  which  means  if  you  carve  up  that 
physical  server  into  multiple  virtual  machines, you’re  get¬ 
ting  a  lot  more  bandwidth  than  customers  would  tradi¬ 
tionally  have,”  Mehta  says. 

In  addition,  Blade  Network’s  switches  are  embedded 
into  the  blade  chassis,  reducing  space  demands,  as  well 
as  cooling  issues.  “The  fact  that  10G  technology  is  inte¬ 
grated  into  the  chassis  solves  a  lot  of  wiring  issues,” 
Mehta  says.B 


E-MAIL  NEWSLETTER  SHOWCASE:  Wireless  in  the  enterprise 

Hidden  nodes  and  Wi-Fi  performance 


BY  JOANIE  WEXLER 

There  are  many  aspects  to  managing  unlicensed  Wi-Fi 
spectrum  to  avoid  interference  and  optimize  wireless 
LAN  application  performance.  Interference  can  be 
caused  by  traffic  butting  up  against  other  traffic  in  over¬ 
lapping  channels,  another  operator’s  802.1 1  devices  con¬ 
tending  for  your  spectrum, non-802.1 1  devices  operating 
in  the  spectrum,  and  environmental  factors  blocking  or 
degrading  signals,  to  name  a  few. 

A  less-obvious  interference  culprit  is  the  “hidden  node.” 

Hidden  nodes  are  basically  client  devices  that  are  all 
within  range  of  the  WLAN  access  point 
but  are  not  necessarily  within  range  of 
each  other.  Picture  an  access  point  in 
the  middle  of  a  circle.  Client  A  is  at  9 
o’clock,  164  feet  from  the  access  point. 

Client  B  is  at  3  o’clock,  164  feet  from  the 
access  point.  The  distance  between  the 
two  clients  —  or  the  diameter  of  the  cir¬ 
cle  —  will  be  328  feet. 

As  you  likely  know,  the  802.1  lb/a/g 
suite  of  standards  uses  a  media 


access  control  mechanism  called  carrier  sense  multiple 
access  with  collision  avoidance.  Client  nodes  more 
than  300  feet  apart  are  not  likely  to  “hear”  each  other 
transmitting  in  order  to  avoid  a  collision.  Two  nodes 
transmitting  on  a  common  channel  at  once  causes  col¬ 
lisions,  which  results  in  interference  and  lowers 
throughput  and  response  times. 

Some  of  the  Wi-Fi  RF  monitoring  and  management 
products  can  detect  hidden  nodes. AirMagnet,  for  one,  just 
announced  this  capability  in  the  latest  version  of  its  lap¬ 
top  analyzer  product,  Laptop  Analyzer  7.0  Pro,  last  week.  If 
performance  is  suffering,  of  course, one 
of  the  first  things  you  have  to  do  is  find 
the  source  of  the  problem,  so  this  type 
of  capability  can  be  a  handy  tool. 

Once  you  realize  you’ve  got  a  hidden 
node  situation,  what  can  you  do?  A  few 
suggestions  next  time. 

Wexler  is  a  writer/editor  in  Silicon 
Valley.  She  can  be  reached  at 
joanie@jwexler.com. 
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BUSINESS  JUSTIFICATION 


The  best  and  worst  of  working  in  IT 

Network  execs  detail  what  they  love  —  and  hate  —  about  their  jobs 


BY  JOANNE  CUMMINGS 


Bruce  McMillan  had  a  couple  of  weeks  off  around  the 
holidays.  Sharing  some  eggnog  with  his  neighbors, 
he  realized  something  about  himself  and  his  job. 
While  his  neighbors  were  dreading  returning  to  work,  he 
was  looking  forward  to  it. 


“I  told  them  I  couldn’t  wait  —  we  were 
expecting  some  new  hardware,  and  1  was 
looking  forward  to  checking  it  out,”  says 
McMillan,  who  is  manager  of  emerging 
technologies  at  Solvay  Pharmaceuticals,  a 
multinational  corporation  headquartered 
in  Brussels,  Belgium.  “That’s  the  best  thing 
about  my  job  —  I  get  paid  to  play  with  tech¬ 
nology  What  a  deal.” 

McMillan  and  his  team  recently  com¬ 
pleted  a  server  consolidation  project,  using 
VMware  virtualization  technology,  that 
reduced  the  number  of  hardware  servers 
in  his  firm’s  Marietta,  Ga.,  data  center  from 
100  to  33.  The  project  earned  a  Pioneer 
Award  and  Innovation  Award  within 
Solvay  and  McMillan  is  now  charged  with 
extending  it  to  Solvay’s  European  sites. 

Such  recognition  is  another  reason  he 
enjoys  his  job.  “Solvay  is  a  great  place  to 
work,”  he  says. “They  encourage  us  to  think 


about  what  we’re  doing  and  find  better 
ways  to  do  things  —  and  that’s  fun.” 

McMillans  sentiments  are  echoed  by  oth¬ 
ers,  many  of  whom  say  they  couldn’t  con¬ 
ceive  of  a  better  job  than  working  in  IT, even 
with  the  inevitable  downsides.  But  beyond 
enjoying  working  with  technology,  most  IT 
execs  cite  less  tangible  job  benefits. 

The  people  side  of  IT 

“The  best  thing  about  my  job  is  the  peo¬ 
ple,”  says  Scott  Anderson,  a  messaging 


administrator  at  a  2,500-seat  state  agency“I 
work  with  a  great  bunch  of  people  here  — 
a  good  team  and  good  customers.” 

Dennis  Barr,  manager  of  IT  at  Larkin 
Group,  an  engineering  firm  in  Kansas  City 
Mo.,  echoes  his  sentiments. “The  best  thing 
about  my  job  is  something  absolutely  non¬ 
technical  —  it’s  the  people  I  work  with  and 
the  relationships  1  have  with  them,”  Barr 
says.“Larkin  is  just  over  60  years  old, and  I’ve 
been  here  21  of  those  years.  I’ve  seen  a  lot 
of  people  come  and  a  lot  of  people  go,  but 
the  work  environment  and  the  culture  of 
the  company  is  what  makes  it  a  pleasure  to 
come  to  work  each  day  ” 

Larkin  is  a  small  firm  with  50  employ¬ 
ees.  “I  am  the  IT  department,  which  can 
get  challenging  at  times,”  he  says.“But  I’m 
on  a  first-name  basis  with  everybody, 
and  I  like  that.” 

Tom  Taylor,  corporate  manager  for  client/ 


server  infrastructure  at  Baptist  Healthcare 
System  in  Louisville,  Ky,  says  he  likes  the 
challenge.  “What  1  enjoy  most  is  working 
with  my  peers  and  customers  to  build  solu¬ 
tions  that  make  sense,”  he  says.  “The  real 
challenge  is  applying  the  technology  in  the 
right  ways  in  the  right  places.  1  can  put  the 
newest  technology  in  a  hospital  and  have 
fun  doing  it  because  of  the  cool  factor,  but 
if  that  technology  does  not  add  to  the 
patients’ care,  1  am  wasting  time  and  money 
I  call  it  Return  on  Care.” 


The  downsides 

Working  in  IT  does  have  its  pitfalls,  how¬ 
ever.  For  example,  Barr  says  over  the  years, 
he’s  seen  technologies  come  and  go,  but  in 
today’s  environment,  security  threats  are 
what  keeps  him  awake  at  night. 

“The  worst  part  of  the  job  is  having  to  be 
paranoid  all  the  time  about  security”  Barr 
says.  “There  are  times  I  feel  like  I’m  a 
policeman  on  the  beat,  and  that’s  very 
stressful.  With  the  Internet,  everything  is  a 
threat, so  there’s  this  pervasive  feeling  that 


you’re  just  one  step  away  from  having  a 
piano  falling  on  you.” 

For  Anderson,  it’s  budgeting.  His 
agency  is  evaluating  rolling  out  a  slew  of 
new  software  applications,  including 
Microsoft  Vista  and  Office  2007,  agency¬ 
wide.  Unfortunately,  because  the  new 
software  requires  hardware  upgrades, 
he’s  had  to  put  off  the  rollout  until  he 
can  eke  some  more  hardware  dollars 
out  of  the  budget. 

Solvay’s  McMillan  says  budgeting  may 
play  a  part,  but  the  worst  thing  about  his  job 
is  that  his  European  counterparts  are  not  as 
comfortable  with  change. 

“Sometimes  the  speed  of  change  is  not  as 
fast  in  Europe  as  it  is  here  in  the  U.S.,” 
McMillan  says. “We’ve  been  pretty  fortunate 
here  in  the  U.S.  because  we’ve  been  able  to 
pioneer  a  lot  of  technologies  that  are  just 
now  being  adopted  in  our  company  world¬ 
wide,  but  the  overall  pace  is  slow,  and  that 
can  be  frustrating.” 

Similarly,  Taylor  says  the  worst  thing 
about  his  job  is  dealing  with  politics. “My 
nature  is  to  cut  to  the  chase  and  get  things 
done  to  support  our  hospitals  and  pro¬ 
vide  the  best  patient  care  we  can,”  he  says. 
“When  office  politics  and  red  tape  get  in 
the  way,  1  get  irritated.  Technology  moves 
too  fast  for  us  to  waste  time." 


A  blessing  and  a  curse 

Others  find  it  difficult  to  separate  the 
best  and  worst  of  their  job.  “My  best  and 
worst  thing  are  the  same  and  that’s  the 
hours  I  work,”  says  Jonathan  O’Brien,  sys¬ 
tems  engineer  at  Active  IT  Design,  an  IT 
consultancy  in  Fort  Mill,  S.C.  “It’s  both  a 
blessing  and  a  curse.” 

O’Brien  says  that  some  days,  he  works 
until  3  a.m.  or  4  a.m.,  but  then  again, 
some  days  he  can  sleep  until  noon.  His 
hours  are  completely  self-customizable, 


but  they’re  also  long. The  problem  is  that 
he  consults  for  a  wide  range  of  clients, 
and  for  many  of  them,  he’s  the  only  IT 
staff  they  have. 

“I’m  always  on  call,  always  available  by 
cell  phone,  and  1  check  my  e-mail  probably 
every  15  minutes  every  daj/’  he  says.  That 
can  be  stressful, such  as  when  he  gets  emer¬ 
gency  calls  at  1 1  p.m.  But  at  other  times,  he 
says,  his  hours  can’t  be  beat. 

“I  may  have  a  week  where  everyone’s 
chugging  along  fine,  and  then  I’ll  get  to  go 
play  some  golf  or  go  to  the  gym  at  10  in  the 
morning  —  which  is  a  definite  perk  over  a 
regular  9  to  5  job,”  he  says.'And  1  also  like  the 
fact  that  it’s  up  to  me.  If  I  do  my  job  right 
and  well,  I  have  more  free  time.” 

Cummings  is  a  freelance  writer  in  North 
Andover,  Mass.  She  can  be  reached  at 
jocummings@comcast.  net. 
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‘That's  the  best  thing  about  my  job  - 1  get 
paid  to  play  with  technology.  What  a  deal." 


Bruce  McMillan 

Manager  of  emerging  technologies 
Solvay  Pharmaceuticals 
Marietta,  Ga. 


“I  may  have  a  week  where  everyone's  chug¬ 
ging  along  fine,  and  then  I'll  get  to  go  play 
some  golf  or  go  to  the  gym  at  10  in  the 
morning  -  which  is  a  definite  perk  over  a 
regular  9  to  5  job.”  Jonathan  O'Brien 

Systems  engineer 
Active  IT  Design 
Fort  Mill,  S.C. 
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Manage  remote  offices  from  wherever  you  are. 
Secure  your  Data  Center.  No  software  licensing  fees. 
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Digital  KVM  IP 


State  of  the  art  security 

Dependable,  Powerful,  Secure,  Guaranteed 

24/7  Mission  Critical  Reliability 
Industry  Best  Video 
USB,  PS/2,  Serial  Support 
Single,  Dual,  Quad  Models 


Digital  KVM  IP 
Switches 

Switch  &  control  1,000s 
of  computers  &  network 
devices  over  IP 

Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


Multi-platform 
KVM  switches 

Switch  &  control  1,000s  of 
computers  and  network 
devices 

Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


KVM  Extenders 

Extends  keyboard,  video, 
and  mouse  signals  up  to 
33,000  feet 

fiber,  CATx 
DVI,  VGA,  High  Res. 
PS/2,  USB,  Sun 
Audio,  Serial 


KVM  Rack  Drawers! 

The  most  efficient  way  to 
organize  your  server  room. 

1U  or  2U 

15",  17",  19"  or  20" 

VGA,  DVI 
PS/2,  USB,  or  Sun 
Touchpad  or  Trackball 


Panel  Mount  LCD 

Mounts  vertically  in  a 
standard  19"  rack.  < 

15",  17",  19",  20",  or  23" 

VGA,  DVI,  S-Video 
Optional  Touchscreen 
Optional  Built-in  KVM  Extenders 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+44  (0)  1264  85057 
+65  6324  2322 
+617  3388  1540 


www.rose.com 

281  933  7673  800  333  9343 

ROSE  ELECTONICS  10707  STANCLIFF  ROAD  -  HOUSTON,  TEXAS  77099 
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WMCirc  CMnurt  monitor 


AMPS 


35A,  40A  &  60A  3  Phase  PDU’s  with 
local  &  Remote  Current  Monitoring 

►  Monitored  high  power  distribution  units 

►  Load  balance  at  the  cabinet  level 

►  Ethernet  connection 
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►  Superior  GUI  interface 
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Production  Tracking  Over  Ethernet 

Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 

Features  C  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and 
display  sizes  available 

COMP!  TEHWBE. 

Call  1-800-255-3739  or  visit  www.Gomputerwise.Gom 
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Start  with  the  right  rack, 
and  you  can't  go  wrong. 

Get  the  seamlessly  integrated,  fully  compatible  NetShelter®  rack  system  from  APC®. 


APC,  the  name  you  trust  for  power  protection,  also 
offers  a  comprehensive  line  of  non-proprietary  racks,  rack 
accessories  and  management  tools  that  ensure  the  highest 
availability  in  a  multi-vendor  environment.  With  APC  racks, 
accessories,  and  management  tools,  you  can  design  a 
comprehensive  rack  solution  that  meets  your  availability 
needs  for  today  and  that  easily  scales  up  for  tomorrow. 

Need  assistance?  Our  expert  Configure-to-OrderTeam 
can  custom  tailor  a  complete  rack-mount  solution  , 
that  suits  your  specific  requirements.  (A 


Contact  APC  today  and  protect  your  rack  application  with 
Legendary  Reliability®. 


The  NetShelter®  SX  is 
vendor  neutral  and  carries 
the  "Fits  Like  a  Glove" 
compatibility  guarantee. 


DEU  •  CISCO  •  LUCENT  J 


NetShelter®  SX  starts  at  $1150 

Hack  enclosures  with  advanced  cooling,  power  distribution,  and 

cable  management  for  server  and  networking  applications  in  IT 

environments. 

•  Integrated  rear  cable  management  channels  allow  easy  routing, 
management  and  access  to  large  numbers  of  data  cables. 

•  3000  lbs.  weight  capacity. 

•  Vendor-neutral  mounting  for  guaranteed  compatibility. 

•  Toolless  mounting  increases  speed  of  deployment. 

Rack  PDU  starts  at  $89.99 

Power  distribution  that  remotely  controls  power  to  individual  outlets 
and  monitors  the  aggregate  power  consumption. 

•  Switched,  metered,  and  basic  models  available. 

•  Includes  horizontal/vertical  mounts,  toolless  or  easy  bracket  installation. 

•  Puts  power  in  the  racks  near  the  equipment  where  it  is  needed  most. 

•  Wide  range  of  input  and  output  connections  from  single-phase  to 
3-phase. 

Cable  Management  starts  at  $29.99 
Comprehensive  selection  of  accessories  designed  to  organize 
power  or  data  cables  within  a  rack  environment. 

•  Eliminates  clutter  and  cable  stress. 

•  OU  of  rack  space  with  the  vertical  cable  organizer. 

•  Quick-release  tabs,  toolless  mounting. 

Rack-Mount  Keyboard  Monitor  starts  at  $1550 
HJ  rack-mountable  integrated  keyboard,  monitor  and  mouse. 

•  15"  or  17"  ultra-thin,  LCD  monitor  with  integrated  keyboard. 

•Ease  of  installation  minimizes  support  and  maintenance  costs 

ensuring  lower  total  cost  of  ownership. 

•  Can  be  used  in  a  variety  of  IT  environments  from  computer 
rooms  to  large  data  centers. 

Rack  Air  Removal  Unit  SX  starts  at  $2500 
Pear-door  fan  system  for  performance  heat  removal  up  to  23kW 

•  Temperature  controlled,  variable  speed  fans  allow  reduced 
energy  consumption  during  off-peak  cooling  periods. 

•  Ducted  exhaust  system  increases  air  conditioning  efficiency 
and  prevents  hot  spots  by  eliminating  recirculation. 

•  Manageable  via  Web,  SNMP,  Telnet  and  local  LCD  display. 


P  =  Power  Cooling  R  =  Racks 


NetShelter  is  completely 
compatible  with  all  APC 
award-winning  InfraStruXure® 
architecture,  allowing  you  to 
add  rack,  power  and  cooling 
on  a  scalable  as-needed  basis. 


NetBotz®  Security  and  Environmental  starts  at  $889 
Protecting  IT  assets  from  physical  threats. 

•  Visual  monitoring  of  all  activities  in  the  data  center  or  wiring  closet. 

•  Third-party  monitoring  via  dry-contacts,  SNMP,  IPMI,  0-5V  and  4-20mA. 

•  User-configurable  alarm  and  escalation  policies. 

•  Temperature,  humidity,  and  leak  detection. 


Register  to  WIN  Five  1U  Blanking  Panel  Kits  Value:  $114.95 

Say  goodbye  to  hot  racks!  Keep  enclosures  cool  -  and  efficiency  high  -  by  installing  blanking 
panels  (SKU:  AR8108BLK)  in  unused  rack  space.  You'll  feel  the  difference!  Pegister  online  today. 

For  full  details.Visitwww.apc.com/promoKey  Code  r621x  •  Call  888.289.APCC  x3827  •  Fax  401.788.2797  Legendary  Reliability 

©2007  American  Power  Conversion  Corporation.  All  rights  reserved. 

NetBotz  and  NetShelter  are  registered  trademarks  of  American  Power  Conversion  Corporation.  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA  AX4A6BF_NAMe 
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r  Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 

The  Sentry  CDU  distributes  power  for  Blade 
servers  or  up  to  42  dual-power  1U  servers 
in  one  enclosure.  Single  or  3-phase  input 
with  110VAC,  208 VAC  or  mixed  110/208VAC 
single-phase  outlet  receptacles. 

Metered  CDU 

>  Local  input  Current  Monitoring 

Smart  CDU 

>  Local  Input  Current  Monitoring 
>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 

Switched  CDU 
>  Local  input  current  Monitoring 
>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power,  Temperatures 
and  Humidity 

>  Remote  Power  Control  of  Each  Outlet 
—  On  /  Off  /  Reboot 


Server  Technology,  Inc. 
1040  Sandhill  Drive 
Reno,  NV  89521 
USA 


toll  free +1.800.835.1 51 5 
tel  +1.775.284.2000 
fax +1.775.284.2065 

www.servertech.com 

sales@servertech.com 


Metered,  Smart  &  Switched 


©Server  Technology,  Inc.  Sentry  is  a  trademark  of  Server  Technology,  Inc 
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Changing  the  architecture  of 
Distributed  Network  Monitoring 


NETWORK  TAPS 

DISTRIBUTED  DATA 
COLLECTION  SYSTEMS 

Monitor  the  entire  infrastructure 
from  a  single  and  central  location 

•  Reduce  overall  deployment  costs 
«  Increase  monitoring  coverage 

*  improve  response  time  to 
troubleshooting  &  security  incidents 


Cal!  v  |  (650)  697-8770 


www.vssmonitoring.com 


on  Vaileyj  VSS  is  the  leader  in  Network  Taps  and  Distributed  Data 
terns  Serving  Banks,  Telco's,  Enterprise  &  Government  Worldwide. 
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Server  room 
climate  worries? 
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Server  Room 
Climate  &  Power 

Monitoring 


How  to  Protect 

By  >„<slaffofrr*‘“hDo*s 


Get  our 

free 

book. 


/TVY 


E-mail  FreeBook@ITWatchDogs.com  with  your 
mailing  address  or  call  us  at  512-257-1462 


Console  Ports  +  Grower  Control  +  Dial-Up  Modem  =  1U 


Web  Browser  Interface 


■  Web  Browser  Access  for  Easy  Setup  and  Operation 

■  Telnet,  Internal  Modem  and  Serial  Access 

■  Four  Individually  Switched  Power  Outlets 

■  Six  DB-9  Serial  Console  Ports 

■  Port  Specific  Password  Protection 

■  Dial-Back  Security  on  Modem  Port 

■  Requires  Only  One  Rack  Unit 

■  Non-Connect  Port  Buffering 

■  Data  Rate  Conversion 

■  120  VAC  Model  -  NEMA  5-15  Outlets 

■  208/240  VAC  Model  -  IEC320  Outlets 


The  CMS-6R4  Console  Management  Switch  is  the  ultimate  tool  for  economical 
Remote  Network  Management.  Six  serial  ports  to  access  you  equipment’s  console 
ports,  Four  power  outlets  to  perform  remote  reboot  or  On/Off  control  plus  an  internal  modem 
with  dial-back  features  for  secure  out-of-band  access  -  all  in  a  space  saving  1 U  package!  System 
administrators  can  access  remote  devices  from  anywhere  via  telnet,  dial-up,  local  terminal  or  KVM  switch. 
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CONSOLE  MANAGEMENT  SWITCH 


t  oration?  WFI  Demo  Room,  Irvine,  CA 


Man«9«nwnt 


CMS  -6R4 


Switch  »  Power 
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Change  Network  Parameters 


5  Strrk*.  Irvme.  Ca.  92618  --  http//www  wn  com 
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Visit  Website  for  Complete  NetReach™  Product  Line 

(800)  854-7226  •  www.wti.com 
5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:  (949)  583-9514 


Yes,  We  are  Customer  Friendly! 

✓  Two  Year  Warranty 

✓  We  Stock  for  Same  Day  Shipment 

✓  30  Day  Return  Policy 

✓  Call  or  Email  for  an  Online  Demo 


western  telematic  incorporated 


Let  the  Model  135 
Monitor  Your  Site 


Model  135 


www  gkmc  com 


The  Model  135  Site  Monitor  is  designed  to  serve  as  your 
"resource  kit”  for  monitoring  and  maintaining  computer, 
communications,  and  specialized  equipment  locations. 

With  a  wide  range  of  built-in  capabilities,  it’s  easy  to  tailor 
a  powerful  site-specific  solution. 

Highlights  include  10/100  Ethernet  and  analog  modem 
connectivity,  serial  port  access  and  text  data  "matching,” 
AC  and  DC  voltage  monitoring,  ping  testing,  and  contact 
closure  inputs  and  outputs.  And  the  web-based  interface 
makes  setup  and  use  a  straight-forward  process. 

For  complete  details  on  the  Model  135,  give  us  a  call  or 
visit  www.gkinc.com. 
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Gordon  Kapes,  Inc. 

Skokie,  IL  USA  |  Ph  847-676-1750  |  www.gkinc.com 


Introducing  the 

Aggregator  nTAP 


www.networkTAPs.com 


Efficiently  aggregate  full-duplex  data  into 
your  analysis  or  security  device. 

•Supports  10/100/1000 

•  Stream  into  two  different  devices 

•  Rack  mount  up  to  three  across 

•  Supports  all  commercial  analysis  systems 

•  Also  works  with  open-source  tools 

Learn  more.  Visit  www.networkTAPs.com. 


Buffer  options: 

256  MB . $1,495 

512  MB . $1,995 


liTAP 


TW! 
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Choose  from  a  variety  of  configurations,  options,  and  pricing.  Plus  a 
complete  line  of  copper  and  optical  nTAPs  for  full-duplex  analyzer  systems. 
Free  overnight  delivery* 

www.networkTAPs.com  •  1-866-GKT-nT'lP 
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©  2006  Network  Instruments,  LLC.  nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  o;  iietwork  lnstn.ncn; . 


•Free  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  liefirt '  2  |>.m.  Centroi  Pitie 
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The  Smart  Choice  for  Text  Retrieval®  since  1991 


1-800-IT-FINDS  •  www.dtsearch.com 


— 

Instantly  Search  Terabytes  of  Text 


Instantly  Sea^h 
Terabytes  oUext 


♦  over  two  dozen  indexed,  unindexed,  fielded  data  and  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF,  while  displaying  links,  formatting  and 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet,  email  and 
attachments,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

♦  Spider  supports  static  and  dynamic  Web  content,  with  WYSWYG  hit-highlighting 

♦  API  supports  .NET /.NET  2.0,  C++,  Java,  SQL  databases.  New. NET/. NET  2.0  Spider  API 


mm® 


dtSearch®  Reviews 


♦  "Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 

and  returns  results  in  less  than  a  second"  -  InfoWorld 

♦  "For  combing  through  large  amounts  of  data,  dtSearch  "leads  the  market" 

-  Network  Computing 

♦  "Blindingly  fast"-  Computer  Forensics:  Incident  Response  Essentials 

♦  "Covers  all  data  sources  ...  powerful  Web-based  engines"-  eWEEK 

♦  "Searches  at  blazing  speeds"-  Computer  Reseller  News  Test  Center 

♦  "The  most  powerful  document  search  tool  on  the  market"-  Wired  Magazine 
For  hundreds  more  reviews  —  and  developer  case  studies  —  see  www.dtsearch.com 


Contact  dtSearch  for  fully-functional  evaluations 
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HIGH-END,  LOW  COST 
LOAD  BALANCING  SOLUTIONS 

Prices  starting  at  $},499  with  no  per  server  license  fees. 
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Powerful.  Easy  to  use.  Affordable. 

The  Barracuda  Load  Balancer  is  designed  to 
deliver  powerful  IP  load  balancing  and 
network  intrusion  prevention  at  an 
affordable  price.  Like  our  award-winning 
Spam  Firewalls  and  Web  Filters,  configura¬ 
tion  is  simple  and  operation  is  virtually 
maintenance-free. 


FREE  EVALUATION  UNITS  AVAILABLE 

www.barracuda.com  or  1 -888-ANTI-SPAM 


Computer  Systems  Officer 
(Network  Infrastructure  Security),  P-3 

Deadline  for  application:  26th  March  2007 
Organization:  United  Nations  Office  at  Nairobi 
Duty  Station:  Nairobi,  Kenya 
VA  Number:  06-IST-UNON-412899-R-NAIROBI 
Position  Summary:  Responsible  for  the  planning,  design,  implementation,  operation  &  maintenance  of  the 
UNON  Local  Area  Network  (LAN)  and  Wide  Area  Network  (WAN).  This  involves  all  aspects  of 
LAN/WAN  hardware  configuration,  administration,  management  including  establishment  &  enforcement  of 
guidelines/principles  for  the  operation  of  the  UNON  Network  Services  and  provision  of  secure,  reliable  and 
efficient  LAN/WAN  services. 

Remuneration:  This  post  is  at  the  P-3  level.  Depending  on  professional  background,  experience  and  family 
situation,  a  competitive  compensation  and  benefits  package  is  offered.  Please  visit  the  website  for  salary 
scale  and  other  details  -  http://www.un.org/Depts/OHRM/salaries_allowances/index.html 

For  the  full  vacancy  announcement  text  and  to  apply,  log-on  to  jobs.un.org 


info@recurrent.com 

[DeCO^R^jt 

3431  De  La  Cruz  Blvd,  Santa  Clara.  CA  95054 
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Events  and  Executive  Forums 


Network  World  Events  and  Executive 
Forums  produces  educational  events 
and  executive  forums  worldwide, 
including  our  one  day  Technology  Tours, 
customized  on-site  training,  and  executive  forums  such  as  DEMO®, 
DEMOmobile®.  and  VORTEX,  as  well  as  the  DEMOIetter  and  VORTEX 
Digest  newsletters.  For  complete  information  on  our  current  seminar 
offerings,  call  us  at  800-643-4668  or  go  to  www.networkworld.com/events. 


Publicize  your  press  coverage  in 
Network  World  by  ordering  reprints  of 
your  editorial  mentions.  Reprints 
make  great  marketing  materials  and 
are  available  in  quantities  of  500 
and  up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399- 


1900  x128  or  E-mail:  networkworld@reprmtbuyer.com. 
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Giancarlo  surveys  Cisco’s  R&D  outlook 


As  Cisco's  chief  development  officer,  Charles 
Giancarlo  oversees  the  company’s  R&D  direction  and 
strategy.  With  the  expansion  into  new  markets  and 
technologies  —  such  as  video  —  the  types  of  engi¬ 
neers  Giancarlo  manages  at  Cisco  have  diversified 
beyond  router,  switch,  ASIC  and  network  software 
developers.  With  the  resignation  this  week  of  Mike 
Volpi,  senior  vice  president  of  Cisco ’s  Routing  and 
Sewice  Provider  Technology  Group,  industry  observers  are  saying  Giancarlo 
is  the  clear  front-runner  to  succeed  CEO  John  Chambers  someday. 
Giancarlo  spoke  with  Network  World 's  Senior  Editor  Phil  Hochmuth 
( before  Volpi’s  departure  was  announced )  about  how  he  juggles  Cisco’s 
various  R&D  activities,  as  well  as  about  some  enterprise  security  tech¬ 
nologies  to  expect  from  Cisco  this  year. 

Cisco  says  45%  of  its  business  comes  from  enterprises,  25%  from  service  providers  and 
commercial  customers  [respectively],  and  around  5%  from  consumer  products.  How  are  R&D 
spending  and  product  development  resources  allocated  to  these  businesses?  Does  it  reflect 
the  percentage  of  revenue  coming  in  from  these  segments? 

It’s  quite  different. The  business  model  in  each  one  of  those  segments  is  quite  dif¬ 
ferent.  We  tend  to  spend,  relative  to  revenue,  the  most  in  service  provider,  followed 
by  enterprise,  followed  by  commercial  and  then  consumer. 

Even  though  service  provider  is  not  quite  as  large  a  business  for  us  as  enterprise, 
the  nature  of  the  service  provider  business  is  one  that  drives  greater  demand  for 
R&D.  Albeit  we  probably  spend  less  on  sales  for  service  providers.  So  there’s  a  bit  of 
a  trade-off.  [Service  providers]  are  bigger  customers  and  require  fewer  salespeople, 
but  on  the  other  hand  they  require  larger  amounts  of  R&D. 

The  complexity  of  the  products  and  the  nature  of  the  competi- 
tion  [are  the  reasons  for  this]. With  large  service  providers, they 
expect  very  custom  environments.  If  you  compare  the  tradi¬ 
tional  P&L  of  a  service  provider  business  vs.  traditional  P&L  of 
an  enterprise  business,  the  service  provider  vendor  will  spend 
more  on  R&D  and  less  on  sales  than  an  enterprise  business.  Of 
course,  we’re  a  blend  of  all  of  those. 
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Do  you  manage  R&D  staff  working  on  TV  remotes  differently  from  technolo¬ 


More  with  Giancarlo 
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gists  developing  customer-networking  ASICs  or  carrier-class  routers? 

It’s  always  a  challenge  whenever  you  have  to  nurture  more  than  one  culture 
inside  an  organization.  When  I  say  culture, you  have  one  group  that  will  have  one 
set  of  priorities,  and  another  with  another  set.  It  creates  a  different  cultural  environ¬ 
ment.  Nurturing  more  than  one  in  a  company  and  being  able  to  be  successful  in 
more  than  one,  is  a  tremendous  challenge.  On  the  flip  side  of  that,  we  get  tremen¬ 
dous  leverage,  where  we  can  utilize  technology  we’ve  developed  in  one  area 
across  the  rest  of  our  businesses. There’s  great  upside  if  we  are  able  to  manage  the 
ability  to  support  more  than  one  team  and  more  than  one  cultural  environment 
inside  the  company. 

What's  an  example  of  a  technology  Cisco  has  used  across  multiple  business  segments? 

Voice  over  IP  for  example.  We  utilize  it  in  enterprise,  but  we  use  it  across  the 
board  —  enterprise,  service  provider  and  consumer.  But  the  trade-offs  in  each 
group  are  quite  different.  Ease-of-use  vs.  functionality  vs.  scalability  vs.  cost. This 
sets  up  some  very  interesting  discussions,  not  only  among  the  product  develop¬ 
ment  teams  themselves  but  as  they  interact  with  service,  sales  and  support. 
Sometimes  we  need  to  go  in  and  actively  translate  and  make  sure  we  have  the 
right  focus  in  the  right  areas  so  we  do  produce  the  right  thing  for  that  particu¬ 
lar  customer  segment. 

Regarding  enterprise  security,  what  is  the  status  of  Cisco's  NAC  efforts?  Is  the  company 
where  you  would  like  it  to  be  in  terms  of  NAC  product  offerings  and  customer  adoption? 

With  regard  to  NAC,  I  would  say  the  full  implementation  of  NAC  is  a  little  bit 
behind  where  we  would  have  liked  to  be  at  this  time. 

Part  of  that  is  due  to  the  fact  that  our  customers  indicated  to  us  that  they  did 
not  want  to  just  deploy  NAC  at  the  branch  office. They  wanted  it  on  the  main 
campus.  And  for  full  deployment  in  the  main  campus,  we  really  have  to  go 
through  full  switch  upgrades  on  all  of  our  switches  across  all  those  product 
lines.  And  that’s  taken  a  little  bit  longer  than  we  expected. 

But  we’ll  be  rolling  out  full  NAC  deployments  this  calendar 
year,  certainly. 

The  basic  [NAC]  capabilities  will  become  available  across 
our  mainstream  switching  products  this  year,  which  will  allow 
us  to  deploy  in  mainstream  customers.  We  have  to  finish  those 
products  this  year.  [NAC  support]  is  available  now  on  some  of 
the  stackable  switches,  but  not  yet  fully  on  the  [chassis-based] 
Catalyst  4500,  and  only  partially  available  on  the  Catalyst  6500. 
So  we  just  need  to  complete  all  of  that.  ■ 


Key  exee  Volpi  bolts  Cisco 


BY  JIM  DUFFY 

Mike  Volpi,  the  head  of  Cisco’s  Routing  and  Service 
Provider  Technology  Group,  resigned  from  the  com¬ 
pany  last  week  to  pursue  other  opportunities. 

Volpi  was  responsible  for  Cisco’s  overall  strategy  for 
the  service  provider  market  and  for  all  of  Cisco’s  mar¬ 
ket-leading  routing  and  access  products.  These 
include  core,  midrange,  and  access  routers  from  the 
CRS-1  and  the  12000  and  800  series;  mobile  wireless, 
cable  and  video  solutions;  as  well  as  Cisco’s  optical 
networking  and  service-provider  voice  systems. 

His  responsibilities  will  be  split  between  Pankaj 
Patel  and  Tony  Bates,  both  senior  vice  presidents  and 
general  managers  of  the  renamed  Service  Provider 
Technology  Group.  Like  Volpi,  they  will  report  to 
Charles  Giancarlo,  Cisco’s  chief  development  officer. 

Volpi’s  departure  leaves  Giancarlo  as  the  clear 
potential  successor  to  CEO  John  Chambers,  though 


observers  do  not  expect  Chambers  to  leave  anytime 
soon.  Indeed,  Volpi’s  departure  coincides  with  a 
restructuring  of  the  product  development  groups  for 
service  providers  and  network  operating-system  soft¬ 
ware  that  places  more  responsibility  for  these  activi¬ 
ties  under  Giancarlo. 

Early  in  his  Cisco  career, Volpi  orchestrated  many  of 
the  acquisitions  that  helped  Cisco  grow  from  a  $2  bil¬ 
lion  company  to  the  $30  billion  behemoth  it  is  today 
Cisco  acquired  more  than  70  companies  during 
Volpi’s  tenure,  and  he  is  credited  with  developing 
Cisco’s  acquisition  and  integration  processes,  which 
Cisco  says  have  been  a  significant  driver  of  the  com¬ 
pany’s  growth  into  new  markets. 

“I’m  going  to  take  about  four  to  six  months  and  fig¬ 
ure  out  what’s  next, ’’Volpi  says. 

Volpi  was  responsible  for  developing  switching  pro¬ 
ducts  for  data  centers  and  distribution  applications.* 
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Coming  Tuesday,  March  6th 

NETWORK  WORLD  READERS  QUALIFY  TO  ATTEND  FREE 


NETWORKWORLD 

SHE  Conference  &  Expo 


Ron  Rose,  CIO  of  Priceline.com,  sits  down  for  public  one-on-one  interview  at  Boston  Event 


What  is  IT  Roadmap:  Boston?  Leading 
technology  direct  from  solution  providers. 
Best  practices  direct  from  IT  all-stars. 

New  solutions  direct  from  the  editors  who 
report  on  them,  the  vendors  who  created 
them,  the  analysts  who  rate  them,  and  the 
users  who  know  them. 

IT  Roadmap:  Boston  is  the  only  event 
offering  team  coverage  in  8  key  areas  of  IT. 
Complete  with  case  histories  from  frontline 
users.  Answers  from  IT  insiders.  Data  from 
industry  researchers.  Insights  from  IT 
specialists.  And  embedded  within. ..a  tightly- 
focused,  solution-oriented  expo  of  top 
vendors  where  the  takeaways  even  include 
the  chance  to  win  your  own  plasma  TV! 

Created  by  Network  World,  the  leading 
voice  of  enterprise  IT.  Led  by  Network 
World  president  and  editorial  director, 

John  Gallant.  Hosted  by  Network  World’s 
own  “Voice  from  IT  Roadmap,”  reporter 
Paul  Desmond. 

Check  the  agenda.  And  become  a  part  of 
it.  Reserve  your  seat  now.  And  get  ready  for 
an  IT  Roadmap  that  starts  in  Boston  and 
takes  you  everywhere  you  need  to  drive 
your  enterprise. 

For  complete  information 
and  to  register,  go  to 
www.networkworld.com/RM7BA3 
or  call  800-643-4668. 


IT  Roadmap:  Agenda  for  the  Day 

Not  just  compelling  new  technologies  and  state-of-the-art  best  practices,  but  how  the  pieces  fit  together  to  create  an  architecture  that  can  drive  business. 


7:30  Registration  and  Complimentary  Continental  Breakfast 

8:15  Introduction  and  Agenda  Overview  Paul  Desmond,  Events  Editor,  Network  World,  Inc. 

8:30  Roundtable  with  IT  Roadmap  Track  Analysts  ”10  X-Factors  for  Next-Generation  Networks”  Moderated  by  John  Gallant  and  Paul  Desmond 

9:00  Fireside  Chat  John  Gallant,  President  &  Editorial  Director,  Network  World  interviews  Ron  Rose,  CIO  of  Priceline.com 

9:30  Technology  Keynote  Join  Principal  Sponsor  Cisco  for  the  Keynote  Session  and  hear  Ben  Gibson,  Director  Mobility  Solutions,  discuss  enterprise  mobility 

trends  and  solutions. 

10:00  Break  for  Complimentary  Refreshments 


10:15  MORNING  TRACKS  (Choose  One) 

Each  information-packed  track  presents  a  real-world  user  case  study,  vendor-specific  solution,  and  best  practices  you  can  take  back  to  your  enterprise 

Application  &  Content  Security  The  New  Data  Center  Enterprise  Mobility  Network  Management 

ANDREAS  ANTONOPOULOS,  JOHNA  TILL  JOHNSON,  CRAIG  J.  MATHIAS,  JIM  METZLER, 


Nemertes  Research  Nemertes  Research 

JOHN  ARSNEAULT,  NAVIDATOOFI, 


Farpoint  Group 


Ashton,  Metzler  &  Associates 
DAVID  HAUSER. 


Harvard  Business  School  Northeastern  University 


GotVMail  Communications 


12:30  Complimentary  Lunch  is  Served  and  IT  Expo  is  Open 


2:40  AFTERNOON  TRACKS  (Choose  One) 
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VoIP,  Convergence  & 
Collaboration 
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Brandeis  University 
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Acceleration 

JIM  METZLER. 
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NAC:  Network  Access  Control 

JOEL  SNYDER, 
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CURTIS  SIMONSON, 

University  of  New  Hamshire 


5:00  Reception  and  IT  Expo  Take  this  opportunity  to  visit  with  sponsors  in  our  expo  hall  and  learn  about  the  best  products  and  services  to  drive 
your  network  in  2007! 

6:00  Passport  Drawing:  Fantastic  giveaways  with  the  Grand  Prize  being  a  Plasma  Television  -  compliments  of  AT&T!  You  must  be  present  to  receive  awards. 


AFTER-EVENT  ADDED-VALUE  BONUS:  Access  to  the  ITR  Exchange,  the  private,  password-protected  IT  Roadmap  online  community  where  you  can  track  the  results  of  post 
conference  surveys.  Read  and  download  presentations  from  each  of  the  eight  tracks.  And  continue  to  network  with  colleagues. 
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BACKSPIN 


Mark  Gibbs 


The  how,  why  and  where  of  future  IT 


fhat  will  your  IT 
department  look 
like  in,  say,  five 
years?  This  is  an  impor¬ 
tant  question,  because 

we’re  at  the  beginning  of  an  array  of  major  changes  in 
the  how,  where  and  why  IT  is  done. 

These  changes  are  being  driven  by  a  number  of  power¬ 
ful  technical  and  market  forces  that  include  virtualization, 
software-as-a-service,  an  increasingly  mobile  and  decen¬ 
tralized  workforce  and  the  demand  for  IT  organizations  to 
add  value  rather  than  simply  provide  services. 

Every  one  of  these  forces  is  creating  a  challenge  in 
which  change  is  inevitable.  Being  able  to  recognize  when 
these  challenges  are  on  your  horizon  and  respond  to  the 
implicit  call  to  action  are  what  will  distinguish  the  organi¬ 
zations  that  can  capitalize  on  a  competitive  edge. 

And  let’s  be  clear,  when  we  talk  about  competitive  edge 
we’re  almost  always  talking  about  a  short-term  tactical 
advantage  —  there  are  few  situations  in  which  a  competi¬ 
tive  edge  has  durable, strategic  value.The  art  of  staying 
competitive  is  about  being  able  to  continually  adjust  and 
take  advantage  of  changing  circumstances. 

If  the  IT  organization  is  to  add  value,  it  must  have  a  pro¬ 
ductive  stake  in  the  business  process.To  put  that  another 
way  IT  has  to  be  able  to  show  that  it  delivers  a  real  return 


on  investment.  Of  course, you  know  that  to  be  true, so  the 
problem  is  how  to  make  that  a  fact  rather  than  a  theory 

First  consider  the  combination  of  low-cost  hosting  (com¬ 
pared  with  owning,  managing  and  maintaining  server 
infrastructure)  and  virtualized  infrastructure, such  as  3tera’s 
AppLogic  (see  the  last  two  weeks  of  Gearhead).This 
makes  the  argument  for  running  any  customer-facing  func¬ 
tions,  such  as  Web  services,  applications  and  extranets,  in- 
house  much  less  compelling,  if  not  downright  specious. 

The  next  challenge  is  whether  you  need  to  run  your 
own  enterprise  applications  in-house.  A  few  years  ago  soft¬ 
ware-as-a-service  was  experimental. Things  have  changed, 
and  as  the  software-as-a-service  vendors  have  become 
more  sophisticated  and  the  Internet  infrastructure  more 
robust,  the  value  proposition  has  become  undeniable. 

And  now  that  inexpensive,  fat  data  pipes  are  available, 
user  access  performance  is  not  much  of  an  issue. 

Those  mobile  and  remote  office  staff  provide  the  next 
challenge.  Software-as-a-service  provides  a  more  cost- 
effective  way  of  delivering  core  business-  process  support 
to  wherever  your  users  are  compared  with  running  those 
applications  in-house  on  hardware  you  own  and  manage, 
and  then  having  to  run  VPNs  through  the  enterprise’s 
envelope  to  provide  secure  access. 

The  result  of  these  last  two  opportunities  is  that  services 
such  as  Salesforce,  NetSuite, Webex  and  CrownPeak  are 


becoming  major  forces  in  delivering  enterprise  business 
resources. This  is  not  only  because  they  are  cost  effective, 
but  also  because  they  simplify  the  enterprise  IT  landscape 
in  much  the  same  way  that  adopting  outsourced  virtual¬ 
ized  infrastructure  for  customer-facing  IT  operations  does. 

What  could  the  IT  department  of  tomorrow  look  like?  In 
many  organizations  everything  customer  facing  will  be 
hosted  externally  on  scalable  virtualized  infrastructures 
and  enterprise  applications  of  all  kinds  will  be  services 
provided  by  software-as-a-service  vendors.  Internal  techni¬ 
cal  staff  will  exist  primarily  to  enable,  manage,  and  secure 
user  access  and  data  resources  on  user  computing 
devices  on  a  simpler  network  that  will  exist  primarily  to 
connect  users  to  outsourced  applications  and  services. 

The  biggest  benefits  of  this  new  IT  will  be  flexibility  and 
scalability.  And  when  it  comes  to  the  drivers  of  enterprise 
IT  there  will  be  less  focus  on  the  mechanics  of  providing 
IT  services  and  more  on  the  business  of  the  enterprise. 
Indeed,  ultimately  IT  will  be  inseparable  from  the  enter¬ 
prise,  and  most  of  its  responsibilities  will  involve  manag¬ 
ing  services  with  quantifiable  ROl. 

So,  is  this  what  your  enterprise  IT  will  look  like  in  five 
years?  Do  you  think  your  organization  can  grasp  the  great 
opportunities  ahead  or  will  you  be  running  to  keep  up? 
Confessions  and  predictions  to  backspin@gibbs.com. 


News,  insights  and  oddities 


Did  Gates  fib  about  Hl-B  hires  getting  $100k? 


While  in  Washington  last  year  lobbying  lawmakers 
Paul  McNamara  and  cajoling  journalists  for  looser  immigration  poli¬ 

cies,  did  Bill  Gates  tell  a  big  fat  fib  regarding  what 
Microsoft  pays  the  holders  of  Hl-B  visas? 

That  would  appear  to  be  the  case,  at  least  based  on  an  analysis  provided  by  off¬ 
shoring  critic  Robert  Oak  and  Ron  Hira,  an  assistant  professor  of  public  policy  at  the 
Rochester  Institute  ofTechnology.Their  work  was  first  posted  last  week  on  a  pair  of 
popular  political  blogs,  MyDD  (Direct  Democracy)  and  DailyKos.You  can  follow  all  the 
links  via  Buzzblog  at  www.nwdocfinder.com/7345. 

Microsoft  says  no  to  the  allegation,  naturally,  and  you  can  read  more  of  the  compa¬ 
ny's  statement  below. 

On  March  19,  2006,  David  Broder  of  The  Washington  Post  reported  that  Gates  told 
him  Microsoft’s  Hl-B  hires  start  at  about  $100,000  a  year.The  key  paragraph: 

“As  Gates  said,  these  are  highly  paid,  highly  qualified  individuals.  Salaries  for 
these  jobs  at  Microsoft  start  at  about  $100,000  a  year.  Their  counterparts  can  be 
hired  more  cheaply  in  China  or  India,  he  said,  but  Microsoft  does  85  percent  of  its 
research  and  development  work  in  the  United  States  because  it  wants  its  comput¬ 
er  scientists  interacting  directly  with  its  program  managers  and  its  marketing 
people  on  its  own  campus.” 

And  here’s  the  meat  of  what  Oak  and  Hira  provided,  based  on  an  analysis  of  Green - 
Card  applications  filed  by  Microsoft  and  kept  online  by  the  government: 

‘  Unfortunately  for  Bill  Gates,  when  a  corporation  sponsors  a  green  card,  they 
must  publish  the  actual  salary  along  with  the  application.  .  .  .  Only  3.3%,  or  40 
employees,  of  the  1,202  total  green  card  applications  submitted  by  Microsoft  had 
wages  above  $100k,”  Oak  writes.  “In  fact,  more  applications,  8.3%,  or  92  employ¬ 
ees,  were  paid  salaries  below  $60k.  Most  of  the  job  titles  of  the  1,202  applications 
were  Software  Engineer,  an  entry-level  job  indicator.The  median  salary  for  all  was 
$71k,  wei;  below  the  $100k  that  Bill  Gates  touted  in  his  claim  of  a  great  shortage  of 


“talent”  in  America  (read  cheap,  controllable  and  young).” 

I  have  been  sympathetic  toward  backers  of  looser  immigration  policies,  in  general, 
and  Hl-B  limits,  specifically.  However,  central  to  the  latter  position  has  long  been  the 
often-repeated  contention  that  Hl-B  visas  go  to  highly  specialized,  highly  compen¬ 
sated  professionals  who  are  otherwise  difficult,  if  not  impossible,  to  find  here.  If  that’s 
not  the  case,  the  argument  in  favor  of  lifting  Hl-B  ceilings  weakens  considerably. 

Here  is  the  statement  provided  by  a  Microsoft  spokesman  to  me:  "The  need  to 
attract  and  retain  talent  is  vital.The  positions  we  seek  to  fill  are  for  those  with  the 
highest  levels  of  skill  available  and  for  which  there  are  no  U.S.  candidates.  Competition 
for  that  talent  is  global  and  intense.  As  we  highlighted  in  a  letter  to  Congress  last  year, 
‘The  H-1B  program  has  strong  wage  requirements  and  other  protections  for  U.S. 
workers.  Moreover,  Microsoft  compensates  its  H-1B  workers  at  the  same  high  levels 
as  U.S.  workers,  and  at  levels  substantially  above  the  government  set  ‘prevailing 
wages'  for  each  occupation  (although  some  critics  have  confused  the  ‘prevailing  wage’ 
level  for  what  Microsoft  actually  pays  its  employees),  for  example:  Software  develop¬ 
ment  engineers  averaged  more  than  $109,000  in  total  direct  compensation  in  2005. 
Program  managers  averaged  over  $110,000  in  total  direct  compensation  in  2005.'  “ 

Something  tells  me  that  there  is  significance  in  the  phrase  “total  direct  compensa¬ 
tion."  Broder’s  description  of  what  Gates  told  him  was  that  "salaries  for  these  jobs  at 
Microsoft  start  at  about  $100,000  a  year." 

I’m  not  thinking  those  are  the  same  thing.  As  for  the  bit  about  "no  U.S.  candi¬ 
dates,”  it  is  simply  a  lie. 

Please  sign  up  for  Buzzblog:  The  Newsletter. 

Same  crumbelievable  Buzzblog  content  (yes,  I  watch  Colbert),  only  in  a  dishwasher- 
safe  newsletter  format.  You  can  sign  up  at  www.nwdocfinder.com/7344. 

And,  of  course,  the  e-mail  address  never  changes:  buzz@nww.com. 


By  2010,  the  increase  in  expense  to  power  and  cool  servers  is  projected  to  be  approximately  four  times  the 
increase  in  new  server  spending.1  The  IBM  System  x3655  Express  can  help  control  rising  energy  costs  starting 
today.  How?  It  comes  with  an  ingenious  technology  called  PowerExecutiveT  which  allows  you  to  allocate 
power  to  each  server,  helping  to  optimize  and  save  you  money.2  Only  IBM  has  it.  The  x3655  is  just  one  of 
many  Express  systems  designed  for  business  performance  computing.  With  IBM,  innovation  comes  standard. 
So  why  waste  energy  on  anything  else? 


AUTOMATICALLY  PUTS 
YOUR  BUSINESS  INTO 
ENERGY-SAVING  MODE. 


IBM  System  x3655  Express 

Mission-critical  availability  and  performance  in  an  affordable  package. 


Monitor  power  consumption  and  allocate  power  where  needed  with  PowerExecutive 
64GB  maximum  low-power  DDR2  memory 


Choose  flexibility  and  robust  I/O  configuration  with  IBM  extended  I/O 

Featuring  the  Next-Generation  AMD  Opteron™  processor  with  AMD  PowerNow!™  technology 


Limited  warranty:  3  years  on-site3 


AMD 


From 


$2,359 


or  $61/montfT 


Opteron 


•All  prices  are  IBM  s  estimated  retail  selling  prices  as  of  January  16. 2007.  Prices  may  vary  according  to  configuration.  Resellers  se!  their  own  prices,  so  reseller  prices  to  end 
users  may  wry.  Products  are  subject  to  availability  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  otter  the  products,  features,  or  services 
discussed  in  this  document  in  other  countries.  Prices  subject  to  change  without  notice.  Starting  price  may  not  include  a  hard  drive,  operating  system  or  other  features. 
Contact  your  IBM  representative  or  IBM  Business  Partner  tor  the  most  current  pricing  in  your  geography  1.  Based  on  'IOC.  The  Impact  ot  Power  and  Cooling  on  Data  Center 
Infrastructure.’  Document  #201722,  May  2006."  page  six,  which  highlights  that  a  rapidly  rising  server  installed  base  is  projected  to  drive  an  increase  in  the  cost  of  power  and 
cooling  over  the  next  live  years.  2.  PowerExecutive  can  help  save  power  during  periods  ot  lower  utilization.  3.  IBM  hardware  products  are  manufactured  Irom  new  parts,  or 
new  and  serviceable  used  parts  Regardless,  our  warranty  terms  apply.  For  a  copy  of  applicable  product  warranties  visit:  ibm.com/seivers/support'machinejwarrarities 
or  write  to:  Warranty  Information.  P.0.  Box  12195,  RTP.  NC  27709,  Attn  Dept.  JOJA/B203.  IBM  makes  no  representation  or  warranty  regarding  third-party  products  or 
services,  including  those  designated  as  ServerProven  or  ClusterProven.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor.  IBM  will  attempt  to 
diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  On-site  warranty  is  available  only  for  selected  components.  4.  IBM  Global  Financing  offerings  are 
provided  through  IBM  Credit  LLC  in  the  United  States  and  otner  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers  Monthly 
paymenls  provided  are  for  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  (actors.  Lease  otter  provided  is  based  on  a  FMV  lease  ot  36  monthly 
payments  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice  Information  about  non-IBM  products  is  obtained 
Irom  the  manufacturers  of  those  products  or  then  published  announcements.  IBM  has  not  tested  those  products  and  cannot  confirm  the  performance,  compatibility  ,  or  any 
other  claims  related  to  non-IBM  products.  Questions  on  the  capabilities  ot  non-IBM  products  should  be  addressed  to  the  suppliers  ot  those  products.  5  Remote  Supervisor 
Adapter  (RSA)  It  SlimLine  can  enhance  your  ability  to  manage  your  server  via  an  active  network  connection  to  the  server  as  well  as  through  an  optional  dedicated  network 
connection  to  the  RSA  II  SlimLine.  To  manage  servers  in  different  locations,  you  must  have  http  or  WAN  access  to  the  server  via  the  RSA  II  SlimLine.  6.  Oiler  subject  to 
the  complete  terms  of  the  IBM  Remote  Supervisor  Adapter  Promotion.  Otter  can  be  withdrawn  by  IBM  at  any  time  without  notice.  IBM.  the  IBM  logo,  PowerExecutive  and 
System  x  ate  trademarks  or  registered  trademarks  ot  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries  AMD.  the  AMD  logo,  AMD 
PowerNow!  and  AMD  Opteron  are  trademarks  ot  Advanced  Micro  Devices,  Inc  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  ot  otners. 
©2007  IBM  Corporation.  All  rights  reserved. 


30%  OFF  IBM  REMOTE 
SUPERVISOR  ADAPTER  II 
SLIMLINE 

Remote  control:  Manage  a  server 
from  a  different  floor.  A  different 
building.  Or  a  different  city? 

With  an  advanced  yet  simplified 
remote  management  system  for 
IBM  System  xm  servers.  Now  at 
30%  off  through  March  30? 


ibm.com/ 

systems/innovate65 


1  866-872-3902 

mention  6N7AH02A 


STARING  BACK  AT  YOU  FROM  A  $50  DESKTOP  WITH  A  $500  ATTITUDE 


Discover  SUSE®  Linux  Enterprise  Desktop  10  from  Novell®.  Infrastructure  for  innovation™ 

It's  the  $50  desktop.  The  only  one  with  amazing  desktop  graphics,  word  processing,  spreadsheet,  presentation, 
Web  browser,  email,  multi-media,  active  directory  integration  and  advanced  Microsoft-file  compatibility.  The  only 
one  that  delivers  everything  you  need  for  a  fraction  of  the  cost.  So  you  can  put  your  resources  to  better  use. 
It’s  just  one  more  piece  of  the  Open  Enterprise:  all  the  infrastructure  it  takes  to  innovate. 


Innovate  today  at  www.novell.com/linux 


Novell. 

This  Is  Your  Open  Enterprise.1" 


Copyright  ©2007  Novell.  Inc.  All  rights  reserved.  Novell,  the  Novell  logo,  and  SUSE  are  registered  trademarks  and  This  Is  Your  Open  Enterprise  and  Infrastructure  for  innovation  are  trademarks  of  Novell,  Inc.  in  the  United  States  and  other  countries.  "Linux  is 
a  registered  trademark  of  Linus  Torvaids.  All  other  third-party  trademarks  are  the  property  of  their  respective  owners. 


